8.7
CVE-2026-3044 - Tenda AC8 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The eβ¦
5.3
CVE-2026-3043 - itsourcecode Event Management System navbar.php cross site scripting
A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and mβ¦
6.9
CVE-2026-3042 - itsourcecode Event Management System index.php sql injection
A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public andβ¦
7.7
CVE-2026-21665 - Remote Code Execution via Insecure .NET Remoting in Unsupported Originate Loans Peripherals
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted networβ¦
4.8
CVE-2026-3041 - xingfuggz BaykeShop Article Sidebar custom.html cross site scripting
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to crossβ¦
5.1
CVE-2026-3040 - DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated remoβ¦
5.1
CVE-2026-27741 - Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can iβ¦
5.1
CVE-2026-27742 - Bludit <= 3.16.2 Stored XSS in Post Content
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenticated user can inject arbitrary JavaScript iβ¦
6.6
CVE-2025-69248 - free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAβ¦
2.7
CVE-2025-69247 - free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specialβ¦