
Overview

  • code-projects
  • Student Web Portal

Published: 08 Mar 2026
Updated: 08 Mar 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.03%

KEV

Description

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-3744 - A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manip... https://www.cyberhub.blog/cves/CVE-2026-3744

Overview

  • zephyrproject-rtos
  • Zephyr

Published: 05 Mar 2026
Updated: 05 Mar 2026

CVSS v3.1: CRITICAL (9.4)
EPSS: 0.04%

KEV

Description

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

📌 CVE-2026-1678 - dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, an... https://www.cyberhub.blog/cves/CVE-2026-1678

Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T8100/T9100/T8200/T8300

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.21%

KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

📌 CVE-2025-61615 - In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi... https://www.cyberhub.blog/cves/CVE-2025-61615

Overview

  • Tenda
  • i3

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.09%

KEV

Description

A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Manipulating the argument ping1/ping2 results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

📌 CVE-2026-3801 - A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. P... https://www.cyberhub.blog/cves/CVE-2026-3801

Overview

  • Tenda
  • F453

Published: 08 Mar 2026
Updated: 08 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

📌 CVE-2026-3768 - A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/W... https://www.cyberhub.blog/cves/CVE-2026-3768

Overview

  • Unisoc (Shanghai) Technologies Co., Ltd.
  • T7300/T8100/T9100/T8200/T8300

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.21%

KEV

Description

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

📌 CVE-2025-69278 - In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional executi... https://www.cyberhub.blog/cves/CVE-2025-69278

Overview

  • OpenClaw
  • OpenClaw

Published: 05 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.04%

KEV

Description

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake that allows device identity checks to be skipped when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📌 CVE-2026-28472 - OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity che... https://www.cyberhub.blog/cves/CVE-2026-28472

Overview

  • Tenda
  • F453

Published: 08 Mar 2026
Updated: 08 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-3729 - A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation... https://www.cyberhub.blog/cves/CVE-2026-3729

Overview

  • RocketChat
  • Rocket.Chat

Published: 06 Mar 2026
Updated: 09 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.11%

KEV

Description

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows an attacker to log in to the service as any user with a password set, using any arbitrary password. The vulnerability stems from a missing await keyword when calling an asynchronous password validation function, causing a Promise object (which is always truthy) to be evaluated instead of the actual boolean validation result. This may lead to account takeover of any user whose username is known or guessable. This issue has been patched in versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Bluesky

Sign in with ANY password into Rocket.Chat EE (CVE-2026-28514) and other vulnerabilities we've found with our open source AI framework

Overview

  • chamilo
  • chamilo-lms

Published: 06 Mar 2026
Updated: 06 Mar 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.02%

KEV

Description

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim's consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and use GET-based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

📌 CVE-2025-59541 - Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete proj... https://www.cyberhub.blog/cves/CVE-2025-59541
Showing 71 to 80 of 115 CVEs