9.3

CVSS4.0

CVE-2016-20024 - ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicio…

📅 Published: March 15, 2026, 1:35 p.m. 🔄 Last Modified: March 15, 2026, 1:35 p.m.

6.9

CVSS4.0

CVE-2026-4180 - D-Link DIR-816 goahead redirect.asp access control

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The exploit is publicly avail…

📅 Published: March 15, 2026, 1:32 p.m. 🔄 Last Modified: March 17, 2026, 3:17 p.m.

5.1

CVSS4.0

CVE-2026-4175 - Aureus ERP Chatter Message content-text-entry.blade.php cross site scripting

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of th…

📅 Published: March 15, 2026, 10:32 a.m. 🔄 Last Modified: March 17, 2026, 3:16 p.m.

4.8

CVSS4.0

CVE-2026-4174 - Radare2 Mach-O File mach0.c walk_exports_trie resource consumption

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h…

📅 Published: March 15, 2026, 10:32 a.m. 🔄 Last Modified: March 17, 2026, 3:14 p.m.

7.8

CVSS3.1

CVE-2025-14287 - Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, …

📅 Published: March 15, 2026, 9:27 a.m. 🔄 Last Modified: March 17, 2026, 12:44 p.m.

5.3

CVSS4.0

CVE-2026-4173 - CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation caus…

📅 Published: March 15, 2026, 9:02 a.m. 🔄 Last Modified: March 17, 2026, 1:20 p.m.

8.6

CVSS4.0

CVE-2026-4172 - TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exp…

📅 Published: March 15, 2026, 8:32 a.m. 🔄 Last Modified: March 16, 2026, 3:36 p.m.

5.3

CVSS4.0

CVE-2026-4171 - CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to a…

📅 Published: March 15, 2026, 8:02 a.m. 🔄 Last Modified: March 16, 2026, 3:40 p.m.

9.3

CVSS4.0

CVE-2026-4170 - Topsec TopACM HTTP Request nmc_sync.php os command injection

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. The …

📅 Published: March 15, 2026, 7:02 a.m. 🔄 Last Modified: March 16, 2026, 3:41 p.m.

4.8

CVSS4.0

CVE-2026-4169 - Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting

A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are s…

📅 Published: March 15, 2026, 6:02 a.m. 🔄 Last Modified: March 16, 2026, 3:43 p.m.
Total results: 338633