CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
SocuSoft iPod Photo Slideshow version 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler.
Softneta MedDream PACS Server Premium version 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
SocuSoft DVD Photo Slideshow Professional version 8.07 contains a stack-based buffer overflow vulnerability in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.
MedDream PACS Server Premium version 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.
The mooSocial Store plugin version 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality.
Nord VPN version 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'name' parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data.
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter.
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling.
Splinterware System Scheduler Pro version 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
A security vulnerability has been identified in Edimax EW-7438RPn version 1.31 affecting the formRadius function in the /goform/formRadius file. Manipulation of the submit-url argument leads to stack-based buffer overflow.
A weakness has been identified in Edimax EW-7438RPn 1.31, impacting the function formAccept of the file /goform/formAccept. Manipulating the argument submit-url can lead to stack-based buffer overflow.
A security flaw has been discovered in Edimax EW-7438RPn version 1.31, affecting the function formConnectionSetting of the file /goform/formConnectionSetting. Manipulating the arguments max_Conn/timeOut results in stack-based buffer overflow.
A vulnerability was detected in FoundDream miniclawd up to version 2d65665046e2222eeea76cafc8570ed546a8c125, affecting the function in the file /src/application/skills-loader.ts of the SkillsLoader component. Manipulating the argument requires.bins results in command injection.
The Kenik Camera management Panel is vulnerable to a Path Traversal attack. An unauthenticated attacker can send a GET request with an arbitrary file path and read corresponding files located on the server.
A vulnerability has been detected in FoundDream miniclawd affecting the ExecTool.execute function in the /src/tools/exec.ts file. Manipulation of this function leads to OS command injection, which can be exploited remotely.
A vulnerability was found in Simple POS and Inventory System 1.0 that allows SQL injection through manipulation of the 'Name' argument in the /user/search.php file. The attack can be performed remotely.
A vulnerability has been detected in Edimax BR-6478AC version 1.23, affecting the function formL2TPSetup in the file /goform/formL2TPSetup. Manipulation of the argument L2TPUserName leads to buffer overflow.

