5.1
CVE-2026-4175 - Aureus ERP Chatter Message content-text-entry.blade.php cross site scripting
A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of thβ¦
4.8
CVE-2026-4174 - Radare2 Mach-O File mach0.c walk_exports_trie resource consumption
A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit hβ¦
7.8
CVE-2025-14287 - Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, β¦
5.3
CVE-2026-4173 - CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection
A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causβ¦
8.6
CVE-2026-4172 - TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The expβ¦
5.3
CVE-2026-4171 - CodeGenieApp serverless-express API Endpoint TodoList.ts authorization
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to aβ¦
9.3
CVE-2026-4170 - Topsec TopACM HTTP Request nmc_sync.php os command injection
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. The β¦
4.8
CVE-2026-4169 - Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. There are sβ¦
4.8
CVE-2026-4168 - Tecnick TCExam Group tce_edit_group.php cross site scripting
A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly avaβ¦
8.7
CVE-2026-4167 - Belkin F9K1122 formReboot stack-based overflow
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utiliβ¦