Skip to main content
CVE-2026-21385 HIGH POC KEV PATCH THREAT Act Now

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.

Memory Corruption Wcn3990 Firmware Sa8155 Firmware Sw5100p Firmware Qcn9024 Firmware +222
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-24105 CRITICAL POC Act Now

Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.

Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2026-24101 CRITICAL POC Act Now

Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.

Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2026-24107 CRITICAL POC Act Now

Tenda W20E router has a code injection vulnerability in usbPartitionName parameter allowing unauthenticated remote code execution with EPSS 1.1%.

Command Injection W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-50187 CRITICAL POC Act Now

Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.

RCE Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-26720 CRITICAL POC Act Now

Twenty CRM v1.15.0 has a code injection vulnerability enabling remote attackers to execute arbitrary code through the CRM platform.

RCE Code Injection Twenty
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-24112 CRITICAL POC Act Now

Tenda W20E has a ninth buffer overflow in yet another CGI endpoint.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24110 CRITICAL POC Act Now

Tenda W20E has an eighth buffer overflow in addDhcpRules parameter.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24115 CRITICAL POC Act Now

Tenda W20E has a seventh buffer overflow in gstup parameter handling.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24114 CRITICAL POC Act Now

Tenda W20E has a sixth buffer overflow in pPortMapIndex parameter validation.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24113 CRITICAL POC Act Now

Tenda W20E has a fifth buffer overflow.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24111 CRITICAL POC Act Now

Tenda W20E has a fourth buffer overflow vulnerability.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24109 CRITICAL POC Act Now

Tenda W20E has a third buffer overflow in a different CGI parameter.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24108 CRITICAL POC Act Now

Tenda W20E has a buffer overflow — second of eight critical vulnerabilities in this router firmware.

Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26713 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in cancel-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26712 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26711 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26710 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in edit-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26709 CRITICAL POC Act Now

Simple Gym Management System v1.0 has SQL injection in trainer search.

PHP SQLi Simple Gym Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26707 CRITICAL POC Act Now

Pharmacy POS has a fifth SQL injection in view_sales.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26706 CRITICAL POC Act Now

Pharmacy POS has a fourth SQL injection in view_reports.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26705 CRITICAL POC Act Now

Pharmacy POS has a third SQL injection in view_products.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26704 CRITICAL POC Act Now

Pharmacy POS has a second SQL injection in view_categories.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26708 CRITICAL POC Act Now

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26700 CRITICAL POC Act Now

Personnel Property Equipment System has a fourth SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26701 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a third SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26703 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26702 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has SQL injection in admin panel.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26696 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has a third SQL injection.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26695 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in record_search.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26694 CRITICAL POC Act Now

Simple Student Alumni System v1.0 has SQL injection in modal_view.php.

PHP SQLi Simple Student Alumni System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50192 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50190 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50199 CRITICAL POC Act Now

Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.

PHP SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-3400 HIGH POC This Week

Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.

Buffer Overflow Stack Overflow Ac15 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50189 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 8.8 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-52468 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28286 HIGH POC This Week

ZimaOS 1.5.2-beta3 lacks proper path validation in its API, allowing authenticated users to bypass frontend restrictions and write files to protected system directories such as /etc and /usr. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to modify critical OS files and potentially achieve code execution. No patch is currently available.

Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-52482 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-25884 HIGH POC PATCH This Week

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Buffer Overflow Information Disclosure Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28403 HIGH POC PATCH This Week

Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.

macOS Textream
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-70252 HIGH POC This Week

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]

Stack Overflow Ac6 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47886 HIGH POC This Week

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]

RCE Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-50197 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50195 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50194 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50193 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50196 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-26699 HIGH POC This Week

Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.

PHP Personnel Property Equipment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-50188 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 7.2 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy