5.3
CVE-2026-2149 - SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System appointments.php cross sβ¦
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results in cross site scripting. It is possible to laβ¦
6.9
CVE-2026-2148 - Tenda AC21 Web Management DownloadFlash information disclosure
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been β¦
6.9
CVE-2026-2147 - Tenda AC21 Web Management DownloadLog information disclosure
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made avaiβ¦
5.3
CVE-2026-2146 - guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to β¦
5.1
CVE-2026-2145 - cym1102 nginxWebUI Web Management check cross site scripting
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. Tβ¦
8.6
CVE-2026-2143 - D-Link DIR-823X DDNS Service set_ddns os command injection
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is posβ¦
8.6
CVE-2026-2142 - D-Link DIR-823X set_qos sub_420688 os command injection
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be usβ¦
5.3
CVE-2026-2141 - WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remoβ¦
8.7
CVE-2026-2140 - Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available aβ¦
8.7
CVE-2026-2139 - Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow
A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publiclβ¦