VulDB Recent Entries

A vulnerability classified as critical has been found in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. This vulnerability is handled as CVE-2026-10191. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. This vulnerability is known as CVE-2026-10190. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-10189. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-10188. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-10187. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. This vulnerability is documented as CVE-2026-10186. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been rated as critical. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-10185. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been declared as critical. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-10184. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It has been classified as critical. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2026-10183. The attack may be initiated remotely. In addition, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20 and classified as critical. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2026-10182. The attack can be launched remotely. Moreover, an exploit is present. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20 and classified as critical. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2026-10181. The attack can be initiated remotely. Additionally, an exploit exists. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability, which was classified as critical, was found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is referenced as CVE-2026-10180. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2026-10179. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities."

A vulnerability classified as critical was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-10178. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability classified as critical has been found in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-10177. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.

A vulnerability described as critical has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2026-10176. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as critical has been reported in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. This vulnerability is known as CVE-2026-10175. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as problematic has been found in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. This vulnerability is traded as CVE-2026-10174. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in Armcode Arm Whois 3.11. This impacts an unknown function. This manipulation causes buffer overflow. This vulnerability appears as CVE-2018-25423. The attack requires local access. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in WinMTR 0.91. This affects an unknown function. The manipulation results in buffer overflow. This vulnerability is reported as CVE-2018-25426. The attack can be launched remotely. Moreover, an exploit is present.