Overview
Description
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
Last activity: 20 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 14 hours ago
Overview
Description
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
- chartbrew
- chartbrew
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.23%
KEV
Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
- code-projects
- Simple Flight Ticket Booking System
08 Mar 2026
Published
10 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%
KEV
Description
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- code-projects
- Simple Flight Ticket Booking System
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%
KEV
Description
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- WWBN
- AVideo-Encoder
06 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.10%
KEV
Description
AVideo is a video-sharing platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0.
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
Description
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
- Siemens
- SINEC Security Monitor
08 Oct 2024
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.11%
KEV
Description
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command.
This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Statistics
- 1 Post
Last activity: 16 hours ago
Fediverse
New SolarWinds CVE Continues Patch-Bypass Pattern
The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution. What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as…
https://itnerd.blog/2026/03/10/new-solarwinds-cve-continues-patch-bypass-pattern/