CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
A vulnerability was detected in Edimax EW-7438RPn 1.31 affecting the function formHwSet of the file /goform/formHwSet. Manipulation of the arguments leads to stack-based buffer overflow.
A vulnerability has been identified in Edimax EW-7438RPn version 1.31 that allows for stack-based buffer overflow through manipulation of arguments in the formWlanMP function. An attacker can exploit this vulnerability remotely.
Zidentyfikowano podatność w KLiK SocialMediaWebsite w wersji 1.0, która dotyczy nieznanego przetwarzania komponentu obsługi parametrów żądania HTTP POST. Manipulacja tym komponentem prowadzi do możliwości wstrzyknięcia kodu.
A vulnerability was identified in KLiK SocialMediaWebsite 1.0 affecting the uniqid function in the upload.inc.php file of the File Handler component. This allows unrestricted file uploads.
A command injection vulnerability exists in Aterm. A malicious third party gaining administrator access to the product's web console may execute arbitrary OS commands via adjacent network.
A vulnerability in NitroSense versions 3.x before 3.01.3052 allows local privilege escalation. The program exposes a misconfigured Windows Named Pipe, enabling any authenticated local user to execute arbitrary code with SYSTEM privileges and delete arbitrary files with SYSTEM privileges.
A vulnerability was identified in Edimax BR-6675nD version 1.12, occurring in the function formWlSiteSurvey of the file /goform/formWlSiteSurvey. Manipulation of the argument selSSID leads to buffer overflow.
A vulnerability has been found in Edimax BR-6675nD 1.12, affecting the function formWanTcpipSetup in the file /goform/formWanTcpipSetup. Manipulation of the argument pppUserName leads to buffer overflow, which can be exploited remotely.
A vulnerability was detected in Edimax BR-6675nD 1.12, affecting the function formsetPPPoE in the file /goform/formsetPPPoE. Manipulating the argument pppUserName results in buffer overflow, allowing for remote attack.
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker, allowing escaping Flatpak and Snap sandboxes.
A weakness has been identified in Besen BS20 EV Charging Station up to 20260426, affecting some unknown functionality of the OTA Update Installation Handler. This manipulation causes improper authorization.
A vulnerability was found in H3C Magic B0 up to version 100R002, affecting the function Edit_BasicSSID_5G of the file /goform/aspForm. Manipulating the argument param results in buffer overflow.
A vulnerability has been detected in Tenda F456 version 1.0.0.5, affecting the frmL7ImForm function in the /goform/L7Im file. Manipulation of the page argument leads to buffer overflow, which can be exploited by a remote attacker.
A vulnerability has been found in itsourcecode Electronic Judging System 1.0 affecting an unknown part of the file /intrams/admin/login.php. Manipulation of the argument Username leads to SQL injection.
Wszystkie wersje biblioteki HuggingFace transformers przed wersją 5.3.0 zawierają krytyczną podatność na zdalne wykonanie kodu. Atakujący może stworzyć złośliwy plik `config.json`, który po załadowaniu przez ofiarę umożliwia wykonanie dowolnego kodu Python z pełnymi uprawnieniami systemu operacyjnego ofiary.
A flaw has been found in Edimax BR-6675nD version 1.12 affecting the function formPPTPSetup in the file /goform/formPPTPSetup. Manipulating the argument pptpUserName can lead to buffer overflow, which may be exploited remotely.
A vulnerability was detected in Edimax BR-6675nD 1.12 affecting the function formPPPoESetup in the file /goform/formPPPoESetup. Manipulating the argument pppUserName results in buffer overflow, which can be exploited remotely.
A vulnerability has been detected in Edimax BR-6675nD version 1.12 affecting the formL2TPSetup function in the /goform/formL2TPSetup file. Manipulation of the L2TPUserName argument leads to buffer overflow, which can be exploited remotely.
A flaw has been found in ItzCrazyKns Vane up to 1.12.1, affecting unknown code in the file src/app/api/providers/route.ts of the Model Provider API component. Manipulation of the argument baseURL leads to server-side request forgery.
A vulnerability was identified in NousResearch hermes-agent up to version 2026.4.16, impacting the execute_code function in the tools/code_execution_tool.py file of the Environment Variable Handler component. This manipulation leads to a sandbox issue, allowing for remote attack.

