9.8
CVE-2026-26701 - SQL Injection in Personnel Property Equipment System 1.0
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
7.5
CVE-2026-24112 - Buffer Overflow in Tenda W20E Router Firmware 4.0br V15.11.0.6
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerabilitβ¦
9.8
CVE-2026-26696 -
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
7.2
CVE-2026-26699 - Arbitrary Code Execution via Admin Photo Upload in Personnel Property Equipment System
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.
8.7
CVE-2026-3400 - Tenda AC15 TextEditingConversion stack-based overflow
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exβ¦
8.7
CVE-2026-3399 - Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publiβ¦
8.7
CVE-2026-3398 - Tenda F453 httpd AdvSetWan fromAdvSetWan buffer overflow
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been puβ¦
6.9
CVE-2026-3395 - MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack rβ¦
4.8
CVE-2026-3394 - jarikomppa soloud WAV File soloud_wav.cpp loadwav memory corruption
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local positioβ¦
4.8
CVE-2026-3393 - jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow
A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be caβ¦