CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formStats in the file /goform/formStats. Manipulation of the argument submit-url causes stack-based buffer overflow.
A vulnerability was detected in Edimax EW-7438RPn 1.31, affecting the formrefresh function in the /goform/formrefresh file. Manipulation of the submit-url argument results in a stack-based buffer overflow.
A security vulnerability has been detected in Edimax EW-7438RPn version 1.31. The issue concerns the formLogout function in the /goform/formLogout file, where manipulation of the submit-url argument leads to a stack-based buffer overflow.
A vulnerability was found in yashpokharna2555 StudentManagementSystem affecting the confirm_logged_in function in /studentdel.php. Manipulation of the ID argument results in SQL injection, allowing for remote attacks.
A vulnerability has been detected in the yashpokharna2555 Student Management System that allows SQL injection through manipulation of the FIRST_NAME, Last_Name, or EMAIL arguments in the confirm_logged_in function in the student_trans.php file.
A weakness has been identified in the yashpokharna2555 Student Management System, affecting an unknown function in the /success.php file. Manipulation of the User argument leads to SQL injection.
A vulnerability in Apache Syncope related to improper isolation or compartmentalization allows an administrator to create a malicious Groovy class that can execute untrusted code outside of a sandbox.
A vulnerability was found in Tiandy Easy7 Integrated Management Platform version 7.17.0, allowing SQL injection via manipulation of the strTBName argument in the /Easy7/apps/WebService/GetDBDataEx.jsp file.
A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formLicence in the file /goform/formLicence. Manipulation of the argument submit-url causes stack-based buffer overflow, which can be exploited remotely.
A vulnerability was detected in Edimax EW-7438RPn version 1.31, affecting the function formWpsProxyEnable in the file /goform/formWpsProxyEnable. Manipulation of the argument submit-url results in stack-based buffer overflow.
A vulnerability in the hackney library allows for unbounded accumulation of HTTP/3 responses in memory, potentially leading to resource exhaustion.
The vulnerability related to improper neutralization of CRLF sequences in the hackney library allows HTTP request splitting. Hackney does not percent-encode carriage return ( ) or line feed ( ) characters in the URL query component before constructing the HTTP/1.1 request target.
CVE-2026-47073 in the benoitc hackney library has a resource allocation issue without limits, allowing Flooding attacks. The WebSocket client imposes no upper bound on memory consumption in three code paths, leading to memory exhaustion.
The CRLF Injection vulnerability in the hackney library allows for HTTP Request/Response Splitting. An attacker can inject arbitrary HTTP headers into the outbound WebSocket upgrade request, leading to various threats such as credential spoofing or malicious request forwarding.
Uncontrolled Resource Consumption vulnerability in the benoitc hackney library allows for Flooding attacks. The issue arises because after establishing a SOCKS5 connection, the timeout for the TLS connection is set to infinity by default, potentially leading to the blocking of the connecting process.
A vulnerability in the hackney library allows for flooding the BEAM atom table through unbounded resource allocation. An attacker can supply malicious URLs, leading to a crash of the entire BEAM virtual machine.
CVE-2026-47066 vulnerability in the hackney library causes an infinite loop due to an unreachable exit condition, leading to excessive resource allocation. The Alt-Svc response header parser does not guarantee progress, resulting in the process being pinned at 100% CPU.
Joomla Responsive Portfolio version 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests.
The Joomla Component eXtroForms version 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

