8.7
CVE-2026-3732 - Tenda F453 exeCommand strcpy stack-based overflow
A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly β¦
6.9
CVE-2026-3731 - libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack β¦
6.9
CVE-2026-3730 - itsourcecode Free Hotel Reservation System index.php sql injection
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. The attack is possibleβ¦
8.7
CVE-2026-3729 - Tenda F453 PPTPDClient fromPptpUserAdd stack-based overflow
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and miβ¦
8.7
CVE-2026-3728 - Tenda F453 setcfm fromSetCfm stack-based overflow
A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disβ¦
8.7
CVE-2026-3727 - Tenda F453 QuickIndex sub_3C6C0 stack-based overflow
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made publiβ¦
8.7
CVE-2026-3726 - Tenda F453 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the β¦
5.3
CVE-2026-3725 - 1024-lab/lab1024 SmartAdmin FreeMarker Template MailService.java freemarkerResolverContent special β¦
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of the β¦
5.3
CVE-2026-3724 - SourceCodester Patients Waiting Area Queue Management System checkin.php improper authorization
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has β¦
6.9
CVE-2026-3723 - code-projects Simple Flight Ticket Booking System Admindelete.php sql injection
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released to β¦