5.3
CVE-2026-2141 - WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remo…
8.7
CVE-2026-2140 - Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available a…
8.7
CVE-2026-2139 - Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow
A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicl…
8.7
CVE-2026-2138 - Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow
A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
8.7
CVE-2026-2137 - Tenda TX3 SetIpMacBind buffer overflow
A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
6.9
CVE-2026-2136 - projectworlds Online Food Ordering System view-ticket.php sql injection
A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
5.3
CVE-2026-2135 - UTT HiPER 810 formPdbUpConfig sub_43F020 command injection
A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now pub…
5.1
CVE-2026-2134 - PHPGurukul Hospital Management System manage-doctors.php sql injection
A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit has been …
6.9
CVE-2026-2133 - code-projects Online Music Site AdminUpdateCategory.php unrestricted upload
A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack can be carried out remotely. The exploit has be…
6.9
CVE-2026-2132 - code-projects Online Music Site AdminUpdateCategory.php sql injection
A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in SQL injection. The attack can be executed remotely. The exploit has been …