6.9
CVE-2026-3708 - code-projects Simple Flight Ticket Booking System login.php sql injection
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been rβ¦
4.8
CVE-2026-3707 - MrNanko webp4j gif_decoder.c DecodeGifFromMemory integer overflow
A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. Local access is required to approach this attack. The exploit is puβ¦
6.3
CVE-2026-3706 - mkj Dropbear S Range Check curve25519.c unpackneg signature verification
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to β¦
6.9
CVE-2026-3705 - code-projects Simple Flight Ticket Booking System Adminsearch.php sql injection
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made puβ¦
9.3
CVE-2026-3703 - Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading tβ¦
5.3
CVE-2026-3702 - SourceCodester Loan Management System index.php cross site scripting
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is nβ¦
8.7
CVE-2026-3701 - H3C Magic B1 aspForm Edit_BasicSSID_5G buffer overflow
A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosβ¦
5.1
CVE-2026-3704 - Wavlink NU516U1 Incomplete Fix CVE-2025-10959 firewall.cgi sub_405B2C command injection
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit hasβ¦
8.7
CVE-2026-3700 - UTT HiPER 810G formConfigDnsFilterGlobal strcpy buffer overflow
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could beβ¦
8.7
CVE-2026-3699 - UTT HiPER 810G formRemoteControl strcpy buffer overflow
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.