VulDB Recent Entries

A vulnerability labeled as critical has been found in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. This vulnerability is registered as CVE-2026-7142. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. This vulnerability is cataloged as CVE-2026-7141. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as critical has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. This vulnerability is listed as CVE-2026-7140. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been rated as critical. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. This vulnerability is tracked as CVE-2026-7139. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been declared as critical. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. This vulnerability is identified as CVE-2026-7138. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been classified as critical. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. This vulnerability is referenced as CVE-2026-7137. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The identification of this vulnerability is CVE-2026-7136. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master and classified as critical. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. This vulnerability was named CVE-2026-7135. The attack needs to be approached locally. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2026-7134. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. This vulnerability is handled as CVE-2026-7133. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. This vulnerability is known as CVE-2026-7132. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. This vulnerability is traded as CVE-2026-7131. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2026-7130. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as problematic has been reported in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argument ID results in cross site scripting. This vulnerability is reported as CVE-2026-7129. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-7128. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2026-7127. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-7126. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been rated as critical. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. This vulnerability is listed as CVE-2026-7125. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been declared as critical. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. This vulnerability is tracked as CVE-2026-7124. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been classified as critical. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. This vulnerability is identified as CVE-2026-7123. The attack can be initiated remotely. Additionally, an exploit exists.