CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-9481
High

A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formStats in the file /goform/formStats. Manipulation of the argument submit-url causes stack-based buffer overflow.

CVE-2026-9480
High

A vulnerability was detected in Edimax EW-7438RPn 1.31, affecting the formrefresh function in the /goform/formrefresh file. Manipulation of the submit-url argument results in a stack-based buffer overflow.

CVE-2026-9479
High

A security vulnerability has been detected in Edimax EW-7438RPn version 1.31. The issue concerns the formLogout function in the /goform/formLogout file, where manipulation of the submit-url argument leads to a stack-based buffer overflow.

CVE-2026-9474
High

A vulnerability was found in yashpokharna2555 StudentManagementSystem affecting the confirm_logged_in function in /studentdel.php. Manipulation of the ID argument results in SQL injection, allowing for remote attacks.

CVE-2026-9470
High

A vulnerability has been detected in the yashpokharna2555 Student Management System that allows SQL injection through manipulation of the FIRST_NAME, Last_Name, or EMAIL arguments in the confirm_logged_in function in the student_trans.php file.

CVE-2026-9469
High

A weakness has been identified in the yashpokharna2555 Student Management System, affecting an unknown function in the /success.php file. Manipulation of the User argument leads to SQL injection.

CVE-2026-42782
High

A vulnerability in Apache Syncope related to improper isolation or compartmentalization allows an administrator to create a malicious Groovy class that can execute untrusted code outside of a sandbox.

CVE-2026-9465
High

A vulnerability was found in Tiandy Easy7 Integrated Management Platform version 7.17.0, allowing SQL injection via manipulation of the strTBName argument in the /Easy7/apps/WebService/GetDBDataEx.jsp file.

CVE-2026-9463
High

A flaw has been found in Edimax EW-7438RPn version 1.31 affecting the function formLicence in the file /goform/formLicence. Manipulation of the argument submit-url causes stack-based buffer overflow, which can be exploited remotely.

CVE-2026-9462
High

A vulnerability was detected in Edimax EW-7438RPn version 1.31, affecting the function formWpsProxyEnable in the file /goform/formWpsProxyEnable. Manipulation of the argument submit-url results in stack-based buffer overflow.

CVE-2026-47077
High

A vulnerability in the hackney library allows for unbounded accumulation of HTTP/3 responses in memory, potentially leading to resource exhaustion.

CVE-2026-47075
High

The vulnerability related to improper neutralization of CRLF sequences in the hackney library allows HTTP request splitting. Hackney does not percent-encode carriage return ( ) or line feed ( ) characters in the URL query component before constructing the HTTP/1.1 request target.

CVE-2026-47073
High

CVE-2026-47073 in the benoitc hackney library has a resource allocation issue without limits, allowing Flooding attacks. The WebSocket client imposes no upper bound on memory consumption in three code paths, leading to memory exhaustion.

CVE-2026-47072
High

The CRLF Injection vulnerability in the hackney library allows for HTTP Request/Response Splitting. An attacker can inject arbitrary HTTP headers into the outbound WebSocket upgrade request, leading to various threats such as credential spoofing or malicious request forwarding.

CVE-2026-47071
High

Uncontrolled Resource Consumption vulnerability in the benoitc hackney library allows for Flooding attacks. The issue arises because after establishing a SOCKS5 connection, the timeout for the TLS connection is set to infinity by default, potentially leading to the blocking of the connecting process.

CVE-2026-47067
High

A vulnerability in the hackney library allows for flooding the BEAM atom table through unbounded resource allocation. An attacker can supply malicious URLs, leading to a crash of the entire BEAM virtual machine.

CVE-2026-47066
High

CVE-2026-47066 vulnerability in the hackney library causes an infinite loop due to an unreachable exit condition, leading to excessive resource allocation. The Alt-Svc response header parser does not guarantee progress, resulting in the process being pinned at 100% CPU.

CVE-2018-25381
High

Joomla Responsive Portfolio version 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests.

CVE-2018-25380
High

The Joomla Component eXtroForms version 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.

CVE-2018-25379
High

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.

PreviousPage 253 of 3343Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS