5.3

CVSS4.0

CVE-2026-7678 - YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to SQL injection. It is possible to launch the attack …

📅 Published: May 3, 2026, 4 a.m. 🔄 Last Modified: May 3, 2026, 4 a.m.

5.1

CVSS4.0

CVE-2026-7677 - kerwincui FastBee System Notice SysNoticeController.java add cross site scripting

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument noticeCon…

📅 Published: May 3, 2026, 3:15 a.m. 🔄 Last Modified: May 3, 2026, 3:15 a.m.

5.3

CVSS4.0

CVE-2026-7676 - kerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversal

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument fi…

📅 Published: May 3, 2026, 3 a.m. 🔄 Last Modified: May 3, 2026, 3 a.m.

8.7

CVSS4.0

CVE-2026-7675 - Shenzhen Libituo Technology LBT-T300-HW1 apply.cgi start_lan buffer overflow

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack can be carried out remotely. The exploit has been dis…

📅 Published: May 3, 2026, 2:30 a.m. 🔄 Last Modified: May 3, 2026, 2:30 a.m.

8.7

CVSS4.0

CVE-2026-7674 - Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow

A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be exec…

📅 Published: May 3, 2026, 1:30 a.m. 🔄 Last Modified: May 3, 2026, 1:30 a.m.

5.1

CVSS4.0

CVE-2026-7673 - crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload

A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted u…

📅 Published: May 3, 2026, 1:15 a.m. 🔄 Last Modified: May 3, 2026, 1:15 a.m.

0.0

CVE-2026-40561 - Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An …

📅 Published: May 3, 2026, 12:57 a.m. 🔄 Last Modified: May 3, 2026, 12:57 a.m.

5.3

CVSS4.0

CVE-2026-7672 - youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to SQL injection. T…

📅 Published: May 3, 2026, midnight 🔄 Last Modified: May 3, 2026, midnight

6.3

CVSS4.0

CVE-2026-7671 - CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed remotely. Attacks of thi…

📅 Published: May 2, 2026, 11:30 p.m. 🔄 Last Modified: May 2, 2026, 11:30 p.m.

6.9

CVSS4.0

CVE-2026-7670 - Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be …

📅 Published: May 2, 2026, 10:15 p.m. 🔄 Last Modified: May 2, 2026, 10:15 p.m.
Total results: 347725