VulDB Recent Entries

A vulnerability described as problematic has been identified in Apache Airflow up to 3.2.1. Affected by this vulnerability is an unknown functionality. The manipulation results in open redirect. This vulnerability is cataloged as CVE-2026-40961. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Apache Airflow up to 3.2.1. Affected is an unknown function of the component FileTaskHandler. The manipulation leads to symlink following. This vulnerability is listed as CVE-2026-40861. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-10274. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. This vulnerability is identified as CVE-2026-10273. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability categorized as critical has been discovered in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. This vulnerability is referenced as CVE-2026-10272. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. It has been rated as critical. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. The identification of this vulnerability is CVE-2026-10271. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in D-Link DI-7001 MINI up to 19.09.19A1. It has been declared as critical. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. This vulnerability was named CVE-2026-10270. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in decolua 9router up to 0.4.0. It has been classified as critical. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-10269. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in janet-lang janet up to 1.41.0 and classified as problematic. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. This vulnerability is handled as CVE-2026-10268. It is possible to launch the attack on the local host. Additionally, an exploit exists. A patch should be applied to remediate this issue.

A vulnerability has been found in janet-lang janet up to 1.41.0 and classified as problematic. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. This vulnerability is known as CVE-2026-10267. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument topic_id leads to sql injection. This vulnerability is traded as CVE-2026-10265. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. This vulnerability appears as CVE-2026-10264. The attacker needs to be present on the local network. In addition, an exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2026-10263. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. This vulnerability is documented as CVE-2026-10262. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability is registered as CVE-2026-10261. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-10260. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-10259. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes sql injection. This vulnerability is tracked as CVE-2026-10258. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument topic_id results in sql injection. This vulnerability is identified as CVE-2026-10257. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Content Management System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql injection. This vulnerability is referenced as CVE-2026-10256. Remote exploitation of the attack is possible. Furthermore, an exploit is available.