2026-04-06
2026-04-06 03:16Z
HIGH

CVE-2026-5612 — Belkin: Executing a manipulation of the argument webpage can lead to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5612

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Vendor: Belkin · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06
2026-04-06 03:16Z
HIGH

CVE-2026-5611 — Belkin: Performing a manipulation of the argument webpage results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5611

A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Vendor: Belkin · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06
2026-04-06 02:16Z
HIGH

CVE-2026-5610 — Such manipulation of the argument webpage leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5610

A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06
2026-04-06 02:16Z
HIGH

CVE-2026-5609 — This manipulation of the argument index/wl_radio causes stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5609

A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06
2026-04-06 01:16Z
HIGH

CVE-2026-5608 — Belkin: The manipulation of the argument webpage results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5608

A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Vendor: Belkin · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-06
2026-04-06 00:16Z
HIGH

CVE-2026-5605 — Executing a manipulation of the argument GO can lead to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5605

A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-05
2026-04-05 23:16Z
HIGH

CVE-2026-5604 — Performing a manipulation of the argument standard results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5604

A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. CVSSv3.1 8.8 (HIGH)

CWE: CWE-121, CWE-119 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-05
2026-04-05 22:16Z
HIGH

CVE-2026-4272 — Authentication: Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4272

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 Base(Ingenic x1000) before GK000432BAA, from D1 Base(Ingenic x1600) before HE000085BAA, from A1/B1 Base(IMX25) before BK000763BAA_BK000765BAA_CU000101BAA. This vulnerability could allow a remote attacker within Bluetooth range of the scanner's base station has the capability to remotely execute system commands on CVSSv3.1 8.1 (HIGH)

CWE: CWE-306 · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25704 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25704

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25702 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25702

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25700 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25700

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25698 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25698

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25696 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25696

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25694 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25694

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25692 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25692

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25690 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25688 — Marmotech Kados: R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25688

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Marmotech, Kados · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
CRIT

CVE-2019-25687 — Wisdom Pegasus_cms: Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-22 · Vendor: Pegasus, Wisdom · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25685 — Phpbb Phpbb: contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25685

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings. CVSSv3.1 8.8 (HIGH)

CWE: CWE-22 · Vendor: Phpbb · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25684 — Opendocman Opendocman: 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25684

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Opendocman · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25681 — Xlightftpd Xlight_ftp_server: Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25681

Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution. CVSSv3.1 8.4 (HIGH)

CWE: CWE-787 · Vendor: Xlightftpd, Xlight · Type: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25680 — Phpscriptsmall Advance_gift_shop_pro_script: Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25680

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Vendor: Advance, Phpscriptsmall · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25678 — C4G: Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25678

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials. CVSSv3.1 8.2 (HIGH)

CWE: CWE-306 · Vendor: C4g · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25676 — Ask: Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25676

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information. CVSSv3.1 8.2 (HIGH)

CWE: CWE-79 · Vendor: Ask · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-05
2026-04-05 21:16Z
HIGH

CVE-2019-25675 — SQL: eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25675

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server. CVSSv3.1 8.2 (HIGH)

CWE: CWE-89 · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91