Common Vulnerabilities and Exposures (CVE)

CVE-2026-22877

Mar 2, 2026 14:26:42 UTC

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system and potentially cause a denial of service.

CVE-2026-3274

Mar 2, 2026 14:26:05 UTC

A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Th...

CVE-2026-20797

Mar 2, 2026 14:25:33 UTC

A stack-based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and termination of the program.

CVE-2026-24115

Mar 2, 2026 14:23:20 UTC

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.

CVE-2026-3412

Mar 2, 2026 14:11:26 UTC

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross-site scripting. The attack can be executed re...

CVE-2026-2999

Mar 2, 2026 14:09:57 UTC

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.

CVE-2026-3413

Mar 2, 2026 14:09:06 UTC

A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. Manipulation of the argument ID causes SQL injection. The attack is possible to be c...

CVE-2026-3000

Mar 2, 2026 14:08:22 UTC

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.

CVE-2026-1542

Mar 2, 2026 14:04:37 UTC

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

CVE-2026-20429

Mar 2, 2026 13:58:21 UTC

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...

CVE-2026-20424

Mar 2, 2026 13:57:35 UTC

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitatio...

CVE-2026-3389

Mar 2, 2026 13:57:10 UTC

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be exec...

CVE-2026-20439

Mar 2, 2026 13:57:05 UTC

In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS104...

CVE-2025-15597

Mar 2, 2026 13:55:07 UTC

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possi...

CVE-2026-20437

Mar 2, 2026 13:53:16 UTC

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS104319...