8.7
CVE-2026-3015 - UTT HiPER 810G formPolicyRouteConf strcpy buffer overflow
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed …
7.3
CVE-2026-21420 -
Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.
5.9
CVE-2025-59873 - Session Token Exposure via URL Query Parameters
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site linked from the applica…
5.3
CVE-2026-2985 - Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible t…
5.1
CVE-2025-40986 - Reflected Cross-Site Scripting in PideTuCita
Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the endpoint 'cookies/indes.php/<XSS>'. This vulnerability can be exploited to steal confidential user …
5.1
CVE-2025-40701 - Reflected Cross-Site Scripting (XSS) in SOTE's SOTESHOP
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal se…
6.9
CVE-2026-2984 - SourceCodester Student Result Management System drop_user.php denial of service
A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and …
6.9
CVE-2026-2983 - SourceCodester Student Result Management System Bulk Import import_users.php access control
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of th…
9.3
CVE-2025-41002 - SQL injection in Infoticketing
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'.
8.7
CVE-2026-2981 - UTT HiPER 810G formTaskEdit_ap strcpy buffer overflow
A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.