8.7
CVE-2026-2961 - D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried β¦
8.7
CVE-2026-2960 - D-Link DWR-M960 formDhcpv6s sub_468D64 stack-based overflow
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and mβ¦
8.7
CVE-2026-2959 - D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit isβ¦
8.7
CVE-2026-2958 - D-Link DWR-M960 formWsc sub_457C5C stack-based overflow
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly andβ¦
0.0
CVE-2026-2588 - Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems
Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 6β¦
5.3
CVE-2026-2957 - qinming99 dst-admin File BackupController.java deleteBackup denial of service
A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. Tβ¦
5.3
CVE-2026-2956 - qinming99 dst-admin restore revertBackup command injection
A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be uβ¦
5.3
CVE-2026-2954 - Dromara UJCMS ImportDataController import-channel importChanel injection
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate the β¦
8.8
CVE-2019-25462 - Web Ofisi Rent a Car v3 SQL Injection via klima Parameter
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cauβ¦
8.8
CVE-2019-25461 - Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using tiβ¦