Threat Feed

April 2026 (30)

high advisory

SQL Injection Vulnerability in Lost and Found Thing Management 1.0

A remote SQL injection vulnerability (CVE-2026-6163) exists in code-projects Lost and Found Thing Management 1.0 via manipulation of the 'cat' parameter in /catageory.php, potentially allowing attackers to read, modify, or delete database information.

sql-injection web-application vulnerability
2r 1t 1c
high advisory

Samsung Escargot Out-of-Bounds Write Vulnerability (CVE-2026-25207)

CVE-2026-25207 is an out-of-bounds write vulnerability in Samsung Open Source Escargot that allows for buffer overflows, potentially leading to arbitrary code execution.

cve-2026-25207 out-of-bounds write buffer overflow samsung escargot
2r 2t 1c
high advisory

Simple ChatBox Unauthenticated SQL Injection Vulnerability (CVE-2026-6161)

CVE-2026-6161 is an unauthenticated SQL injection vulnerability in the Simple ChatBox application (<= 1.0) that can be exploited by sending a crafted HTTP request to `/chatbox/insert.php`.

sql-injection web-application cve-2026-6161
2r 1t 1c
high advisory

Samsung Escargot Heap-Based Buffer Overflow Vulnerability (CVE-2026-25205)

A heap-based buffer overflow vulnerability in Samsung Open Source Escargot (CVE-2026-25205) allows for out-of-bounds write operations, potentially leading to arbitrary code execution.

cve-2026-25205 heap-based buffer overflow escargot
2r 1t 1c
critical advisory

Totolink A800R Remote Buffer Overflow Vulnerability

A remote buffer overflow vulnerability exists in the Totolink A800R router version 4.1.2cu.5137_B20200730, allowing unauthenticated attackers to potentially execute arbitrary code by overflowing the apcliSsid argument in the setAppEasyWizardConfig function within the /lib/cste_modules/app.so library.

cve-2026-6157 buffer-overflow router iot
2r 3t 1c
medium advisory

Huawei Communication Module Use-After-Free Vulnerability (CVE-2026-34856)

A use-after-free vulnerability, tracked as CVE-2026-34856, exists in Huawei's communication module due to improper synchronization in concurrent execution, potentially leading to a denial-of-service condition.

vulnerability uaf dos
2r 1t 1c
critical advisory

zhayujie chatgpt-on-wechat CowAgent Authentication Bypass (CVE-2026-6129)

CVE-2026-6129 is a critical vulnerability in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4, allowing remote attackers to bypass authentication via manipulation of the Agent Mode Service.

cve-2026-6129 authentication-bypass chatgpt-on-wechat
2r 1t 1c
high advisory

Mesa WebGPU Out-of-Bounds Write Vulnerability (CVE-2026-40393)

An out-of-bounds write vulnerability exists in Mesa versions before 25.3.6 and 26 before 26.0.1 due to an untrusted allocation size in WebGPU, potentially leading to code execution.

cve vulnerability webgpu
2r 1c
high advisory

Dolibarr ERP-CRM 8.0.4 SQL Injection Vulnerability

Dolibarr ERP-CRM 8.0.4 is vulnerable to SQL injection via the rowid parameter in the admin dict.php endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive database information.

sqli cve-2019-25710 dolibarr web-application
2r 1t 1c
high advisory

MyT-PM 1.5.1 SQL Injection Vulnerability

MyT-PM 1.5.1 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries via the Charge[group_total] parameter.

sql-injection web-application cve-2019-25713
2r 1t 1c 1i
critical advisory

Across DR-810 Unauthenticated File Disclosure Vulnerability

Across DR-810 routers are vulnerable to unauthenticated file disclosure, allowing remote attackers to download the rom-0 backup file containing sensitive information, such as router passwords and configuration data, via a simple GET request to the rom-0 endpoint.

cve-2019-25706 file-disclosure router network
2r 1t 1c
high advisory

eBrigade ERP 4.5 SQL Injection Vulnerability (CVE-2019-25707)

eBrigade ERP 4.5 is vulnerable to SQL injection via the 'id' parameter in pdf.php, allowing authenticated attackers to execute arbitrary SQL queries and extract sensitive database information.

sql-injection web-application cve-2019-25707
2r 1t 1c 1i
high advisory

ImpressCMS 1.3.11 Time-Based Blind SQL Injection Vulnerability

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability allowing authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter via POST requests to the admin.php endpoint.

sqli impresscms cve-2019-25703
2r 1t 1c 1i
high advisory

CMSsite 1.0 SQL Injection Vulnerability (CVE-2019-25697)

CMSsite 1.0 is vulnerable to unauthenticated SQL injection (CVE-2019-25697) via the cat_id parameter in category.php, allowing attackers to extract sensitive database information.

sqli cve-2019-25697 webserver
2r 2t 1c
high advisory

Easy Video to iPod Converter 1.6.20 Local Buffer Overflow Vulnerability

Easy Video to iPod Converter 1.6.20 is vulnerable to a local buffer overflow in the user registration field, allowing a local attacker to overwrite the structured exception handler (SEH) by providing a crafted payload exceeding 996 bytes in the username field, potentially leading to arbitrary code execution with user privileges.

cve-2019-25701 buffer-overflow local-privilege-escalation windows
2r 2t 1c
high advisory

HTML5 Video Player 1.2.5 Local Buffer Overflow Vulnerability

HTML5 Video Player version 1.2.5 is vulnerable to a local buffer overflow, allowing attackers to execute arbitrary code by providing an oversized key code string through the Help Register dialog.

buffer-overflow code-execution html5-video-player
2r 4t 1c
critical advisory

RGui 3.5.0 Local Buffer Overflow Vulnerability

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation, leading to arbitrary code execution.

buffer-overflow dep-bypass rgui cve-2018-25258 windows
2r 2t 1c
critical advisory

Tenda F451 Router Stack-Based Buffer Overflow Vulnerability

A remote stack-based buffer overflow vulnerability exists in the fromDhcpListClient function of the /goform/DhcpListClient component (httpd) within Tenda F451 firmware version 1.0.0.7, triggered by manipulating the 'page' argument, potentially allowing for arbitrary code execution.

tenda router buffer-overflow cve-2026-6120 iot
2r 1t 1c
high advisory

zhayujie chatgpt-on-wechat CowAgent Authentication Bypass Vulnerability (CVE-2026-6126)

CVE-2026-6126 is an unauthenticated remote code execution vulnerability in zhayujie chatgpt-on-wechat CowAgent 2.0.4 due to missing authentication in the Administrative HTTP Endpoint.

CVE-2026-6126 authentication-bypass web-application
2r 1t 1c
critical advisory

Tenda F451 Router Stack-Based Buffer Overflow Vulnerability

Tenda F451 router version 1.0.0.7 is vulnerable to a stack-based buffer overflow in the frmL7ProtForm function, enabling remote attackers to execute arbitrary code by manipulating the 'page' argument.

cve-2026-6122 buffer-overflow router tenda
2r 1t 1c
critical advisory

Tenda F451 Stack-Based Buffer Overflow Vulnerability (CVE-2026-6121)

A stack-based buffer overflow vulnerability (CVE-2026-6121) exists in the WrlclientSet function of the /goform/WrlclientSet file in the httpd component of Tenda F451 version 1.0.0.7, allowing remote attackers to execute arbitrary code by manipulating the GO argument.

cve-2026-6121 buffer-overflow tenda router
2r 1t 1c
critical advisory

perfree go-fastdfs-web Improper Authorization Vulnerability (CVE-2026-6105)

CVE-2026-6105 is a critical vulnerability in perfree go-fastdfs-web versions up to 1.3.7, allowing for remote improper authorization due to a flaw in the doInstall interface, potentially leading to unauthorized system access and control.

CVE-2026-6105 Improper Authorization go-fastdfs-web
2r 1t 1c
medium advisory

Chamilo LMS Session Fixation Vulnerability (CVE-2026-31940)

Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 are vulnerable to session fixation due to user-controlled request parameters being used to set the PHP session ID, potentially allowing attackers to hijack user sessions.

session-fixation web-application cve-2026-31940
2r 1t 1c
critical advisory

Multiple Rare Elastic Defend Behavior Rules Triggered on Single Host

This rule identifies hosts triggering multiple distinct, globally rare Elastic Defend behavior rules, increasing the likelihood of detecting compromised hosts while reducing false positives.

threat-detection higher-order-rule elastic-defend
2r 8t
high advisory

Postiz SSRF Vulnerability (CVE-2026-40168)

Postiz, an AI social media scheduling tool, is vulnerable to Server-Side Request Forgery (SSRF) in versions prior to 2.21.5, allowing attackers to access internal resources.

ssrf cve-2026-40168 postiz
2r 1c
high advisory

Red Hat OpenShift AI odh-dashboard Kubernetes Token Disclosure (CVE-2026-5483)

CVE-2026-5483 is a high-severity vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, potentially leading to unauthorized access to Kubernetes resources.

openshift kubernetes token-disclosure cve-2026-5483
2r 1t 1c
high advisory

SiYuan Zero-Click NTLM Theft and Blind SSRF via Mermaid Diagrams

SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to an insecure Mermaid.js configuration. A malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL; on Windows this triggers SMB authentication and sends the victim's NTLMv2 hash to the attacker. On macOS and Linux, the request acts as a tracking pixel and blind SSRF.

siyuan ntlm ssrf credential-theft mermaid
2r 3t 1c
medium advisory

TREK Travel Planner Missing Authorization Vulnerability (CVE-2026-40185)

TREK collaborative travel planner before version 2.7.2 is vulnerable to missing authorization checks on the Immich trip photo management routes, potentially allowing unauthorized access to trip photos.

cve-2026-40185 authorization-bypass web-application
2r 1t 1c
critical advisory

Unauthenticated Arbitrary File Write in Saltcorn

Unauthenticated attackers can exploit a vulnerability in Saltcorn versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 to write arbitrary files and list directory contents on the server.

saltcorn file-write vulnerability
2r 1t 1c
critical advisory

Wasmtime Winch Compiler Aarch64 Sandbox Escape Vulnerability

A sandbox escape vulnerability exists in Wasmtime versions 25.0.0 to 36.0.7, 37.0.0 to 42.0.2, and version 43.0.0 when using the Winch compiler backend on aarch64 architecture, potentially allowing a Wasm guest to access host memory outside its sandbox, leading to denial of service, data leaks, or remote code execution.

wasmtime sandbox-escape memory-corruption aarch64
2r 2t 1c