4.8
CVE-2026-3402 - PHPGurukul Student Record Management System edit-course.php cross site scripting
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The explβ¦
2.3
CVE-2026-3401 - SourceCodester Web-based Pharmacy Product Management System session expiration
A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitabβ¦
8.7
CVE-2026-3400 - Tenda AC15 TextEditingConversion stack-based overflow
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exβ¦
8.7
CVE-2026-3399 - Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publiβ¦
8.7
CVE-2026-3398 - Tenda F453 httpd AdvSetWan fromAdvSetWan buffer overflow
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been puβ¦
6.9
CVE-2026-3395 - MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack rβ¦
4.8
CVE-2026-3394 - jarikomppa soloud WAV File soloud_wav.cpp loadwav memory corruption
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local positioβ¦
4.8
CVE-2026-3393 - jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow
A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be caβ¦
4.8
CVE-2026-3392 - FascinatedBox lily lily_emitter.c eval_tree null pointer dereference
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could β¦
4.8
CVE-2026-3391 - FascinatedBox lily lily_emitter.c clear_storages out-of-bounds
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used forβ¦