Skip to content

Commit df88210

Browse files
1 parent 79cc9c9 commit df88210

10 files changed

Lines changed: 568 additions & 0 deletions

File tree

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2hf5-r849-3x76",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-10185"
8+
],
9+
"details": "A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10185"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/zzb1388/cve2/issues/3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10185"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/819918"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367466"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367466/cti"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.sourcecodester.com"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-05-31T14:16:51Z"
59+
}
60+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5cpr-5mvp-9f62",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-49489"
8+
],
9+
"details": "OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/opencats/OpenCATS/security/advisories/GHSA-8mc8-5gw6-c7w4"
25+
},
26+
{
27+
"type": "ADVISORY",
28+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49489"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://packetstorm.news/files/id/222200"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.exploit-db.com/exploits/52579"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-sortdirection-parameter"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-89"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-05-31T13:16:49Z"
51+
}
52+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6wcv-mwf3-2vmh",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-49490"
8+
],
9+
"details": "OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/opencats/OpenCATS/security/advisories/GHSA-gmpc-j6h7-vw74"
25+
},
26+
{
27+
"type": "ADVISORY",
28+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49490"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.vulncheck.com/advisories/opencats-sql-injection-in-datagrid-filter-handling-for-tags-column"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-89"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-05-31T13:16:49Z"
43+
}
44+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-73fj-3962-8jh6",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-10183"
8+
],
9+
"details": "A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10183"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_20/20.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10183"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/814777"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367464"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367464/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T14:16:51Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-88p4-r3v2-m497",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-10181"
8+
],
9+
"details": "A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10181"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_18/18.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10181"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/814775"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367462"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367462/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T13:16:48Z"
55+
}
56+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8mm7-wgg4-c7ff",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-10182"
8+
],
9+
"details": "A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10182"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_19/19.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10182"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/814776"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367463"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367463/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T14:16:50Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-ch5g-97gx-qrr4",
4+
"modified": "2026-05-31T15:31:18Z",
5+
"published": "2026-05-31T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-10186"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10186"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/aiyuyuyu/cve/blob/main/patient_sql.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/cve/CVE-2026-10186"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/819933"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367467"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/367467/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-05-31T14:16:52Z"
59+
}
60+
}

0 commit comments

Comments
 (0)