CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability was detected in Tenda JD12L 16.03.53.23, involving a stack-based buffer overflow in the fromSetWifiGusetBasic function of the /goform/WifiGuestSet file. An attacker can remotely exploit this by manipulating the shareSpeed argument.
A stack-based buffer overflow vulnerability has been detected in Tenda JD12L firmware version 16.03.53.23 in the formSetPPTPServer function of the /goform/SetPptpServerCfg file. Manipulation of the startIp argument allows remote exploitation. The exploit has been publicly disclosed and may be used.
A vulnerability has been found in ANTLR4 up to version 4.13.2 in the grammar action block handler function within OutputFile.java. Input manipulation can lead to remote code injection. A public exploit is available for attacks.
SQL Injection vulnerability in yashpokharna2555 restaurant-management-system. An attacker can remotely manipulate the 'email' argument in /forgotpassword.php, leading to SQL injection. Exploit is publicly available.
A SQL injection vulnerability has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php in the file /preview7.php. Manipulation of the course_year_section argument allows remote exploitation. The exploit has been publicly released and may be used in attacks.
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /archive.php file via the sy argument. The attack can be performed remotely and the exploit is publicly available.
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /preview6.php file. Manipulation of the course_year_section argument allows remote attack. The exploit has been publicly disclosed.
A SQL injection vulnerability was discovered in SourceCodester Class and Exam Timetabling System 1.0 in the /preview.php file. An attacker can remotely manipulate the course_year_section argument, leading to SQL injection. The exploit has been made public, increasing the risk of exploitation.
In Zephyr's BSD-sockets getaddrinfo() implementation, a use-after-return vulnerability occurs when a semaphore wait times out. The code retries the DNS query without canceling the previous one, leaving a stale stack pointer active. A delayed DNS response or resolver timeout can then write to out-of-scope stack memory, causing crashes or memory corruption.
A vulnerability in RustDesk allows privilege escalation within a file transfer session. The gating of incoming control messages is based on per-capability flags rather than the session's authorized connection type, and a file transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded screenshot and display-capture handlers, acting outside its granted scope.
In MyBB 1.8.40, a limited administrator with user management permissions can assign any usergroup, including the Administrators group (gid 4). The verify_usergroup() function in the user module always returns true, allowing privilege escalation to full administrator permissions.
A vulnerability in libssh2 up to version 1.11.1 allows an attacker-controlled SSH server to read a 32-bit attribute count from a publickey-subsystem response. This count is used for memory allocation without bounds checking, causing multiplication overflow on 32-bit platforms and an undersized buffer. A malicious server can then write past the allocation, leading to a heap buffer overflow in the connecting libssh2 client.
In FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c), there is a heap out-of-bounds write vulnerability. The issue arises because 32-bit reads and writes are performed before the NEXT_LINE row-boundary check, and the DLTA region is validated in pixel rather than byte units, allowing access several bytes past the row allocation on a PAL8 frame.
The Frontend File Manager Plugin for WordPress up to version 23.6 is vulnerable to authenticated arbitrary file deletion. The issue is a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler, allowing an attacker to delete arbitrary files on the server.
In Zephyr's IP socket recvmsg() implementation (sockets_inet.c), the insert_pktinfo() function incorrectly validates the control buffer size, omitting the cmsg header size, leading to an out-of-bounds write. This affects versions from 3.6.0 to 4.4.0.
A vulnerability in the FreeBSD kernel in the CONS_HISTORY ioctl handler allows an unprivileged local user to perform an out-of-bounds write. A large history size causes an integer overflow in buffer size calculation, resulting in a heap allocation smaller than expected and subsequent write beyond the allocation.
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen.
A use-after-free vulnerability was found in the Linux kernel audio drivers. When an audio device is closed, the audio buffer may be freed while the memory mapping remains valid, allowing access to freed kernel memory.
A vulnerability in the Linuxulator (FreeBSD's Linux binary compatibility layer) causes the AT_SECURE flag to be incorrectly set to zero for executables with set-user-ID or set-group-ID bits. This allows an unprivileged local user to inject a shared library via the LD_PRELOAD environment variable into such a binary.
In the kernel handler for IPV6_MSFILTER, a use-after-free vulnerability exists. The handler drops a serializing lock while copying the source-filter list from userspace, then reacquires the lock. During this window, another thread can free the multicast filter structure, leaving the handler with a stale pointer to freed memory.

