Vuldb Updates

A vulnerability was found in Roo Code. It has been declared as critical. The impacted element is an unknown function. Executing a manipulation can lead to os command injection. This vulnerability is tracked as CVE-2026-30307. The attack can be launched remotely. No exploit exists.

A vulnerability described as critical has been identified in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The identification of this vulnerability is CVE-2026-5153. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in supsysticcom Contact Form by Supsystic Plugin up to 1.7.36 on WordPress. This vulnerability affects the function registerUndefinedFilterCallback. The manipulation results in code injection. This vulnerability was named CVE-2026-4257. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in necboy DSAI-Cline. It has been rated as critical. This affects an unknown function. The manipulation leads to os command injection. This vulnerability is listed as CVE-2026-30313. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in SakaDev. This affects an unknown part. Executing a manipulation can lead to injection. This vulnerability appears as CVE-2026-30306. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical was found in HAI Build Code Generator. This issue affects some unknown processing. The manipulation results in injection. This vulnerability is known as CVE-2026-30308. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. This vulnerability is handled as CVE-2026-5148. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5150. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. This vulnerability was named CVE-2026-5152. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as problematic has been found in LibTIFF 4.3.0. Affected is an unknown function of the component tiffcp. The manipulation leads to denial of service. This vulnerability is documented as CVE-2022-0865. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in LibTIFF 4.3.0. This vulnerability affects the function ExtractImageSection of the file tiffcrop.c of the component TIFF Image Handler. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2022-0891. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in LibTIFF 4.3.0. It has been rated as problematic. The affected element is an unknown function of the component tiffcrop. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2022-0907. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability has been found in libcaca and classified as problematic. The impacted element is the function img2txt. This manipulation causes divide by zero. This vulnerability is registered as CVE-2022-0856. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Kyverno 1.16.0. The impacted element is an unknown function. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-4789. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in FreeRDP up to 3.24.1. Affected is the function progressive_decompress_tile_upgrade. This manipulation causes integer overflow. This vulnerability is registered as CVE-2026-33983. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in FreeRDP up to 3.24.1. The affected element is the function rts_read_auth_verifier_no_checks. Such manipulation of the argument auth_length leads to reachable assertion. This vulnerability is uniquely identified as CVE-2026-33952. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in FreeRDP up to 3.24.1 and classified as problematic. The impacted element is an unknown function. Performing a manipulation results in reachable assertion. This vulnerability was named CVE-2026-33977. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in FreeRDP up to 3.24.1. It has been rated as critical. Affected by this vulnerability is the function winpr_aligned_offset_recalloc. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2026-33982. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5156. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, was found in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting. This vulnerability is listed as CVE-2026-5157. The attack may be performed from remote. In addition, an exploit is available.