Common Vulnerabilities and Exposures (CVE)

CVE-2026-13516

Jun 28, 2026 23:45:09 UTC

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflo...

CVE-2026-13515

Jun 28, 2026 23:30:10 UTC

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The atta...

CVE-2026-13514

Jun 28, 2026 23:15:11 UTC

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to a...

CVE-2026-13513

Jun 28, 2026 23:00:16 UTC

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of...

CVE-2026-13512

Jun 28, 2026 22:45:10 UTC

A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler....

CVE-2026-13511

Jun 28, 2026 22:30:11 UTC

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a mani...

CVE-2026-13510

Jun 28, 2026 22:15:11 UTC

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipul...

CVE-2026-13509

Jun 28, 2026 22:00:11 UTC

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation le...

CVE-2026-13508

Jun 28, 2026 21:45:10 UTC

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes ...

CVE-2026-13507

Jun 28, 2026 21:30:09 UTC

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipu...

CVE-2024-8105

Jun 28, 2026 20:20:37 UTC

A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to...

CVE-2026-48945

Jun 28, 2026 18:39:05 UTC

The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and rem...

CVE-2026-48940

Jun 28, 2026 18:38:46 UTC

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

CVE-2026-48941

Jun 28, 2026 18:38:20 UTC

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`

CVE-2026-48946

Jun 28, 2026 18:37:50 UTC

The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/atta...