CVE Vulnerabilities - 2 March 2026
248 vulnerabilities published on 2 March 2026
Tenda W20E Router Buffer Overflow Risk
CVE-2026-24115
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstrule...
9.8
Tenda W20E Router Uncontrolled Memory Copy
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`....
9.8
Tenda W20E Router: Buffer Overflow Risk from Malicious Input
CVE-2026-24108
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value i...
9.8
Tenda W20E: Malicious USB Commands Can Be Executed
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`,...
9.8
Chamilo Learning Management System: Unsecured SOAP Service
CVE-2025-50192
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap...
8.8
Chamilo Learning Management System: Unauthenticated Data Access
CVE-2025-50190
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter wit...
8.8
Chamilo Learning Management System: Unfiltered SOAP Request Allows Hacker Access
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, a parameter from a SOAP request is evaluated without filtering, which leads to Remote Co...
9.8
SimStudio versions before 0.5.74 allow unauthorized MongoDB access
CVE-2026-3431
In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host...
9.8
Unrestricted File Upload in DobryCMS can lead to Code Execution
CVE-2025-14532
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which ca...
9.3
U-Office Force: Unauthenticated Remote Code Execution via Malicious Data
CVE-2026-3422
U-Office Force developed by e-Excellence has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary ...
9.3
itsourcecode University Management System: Unapproved Data Access Risk
CVE-2026-3413
A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php....
6.9
IDExpert Windows Logon Agent allows malicious files to run on your computer
CVE-2026-3000
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the s...
9.3
IDExpert Windows Logon Agent allows unauthorized code to run on your system
CVE-2026-2999
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the s...
9.3
itsourcecode University Management System: ID Manipulation Allows Unauthorized Access
CVE-2026-3411
A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of t...
6.9
itsourcecode Society Management System SQL Injection via Student ID
CVE-2026-3410
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /...
6.9
SQL Injection in Online Art Gallery Shop 1.0: Unauthenticated User Data Exposure
CVE-2026-3406
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.ph...
6.9
Tenda AC15 Wi-Fi Router: Remote Code Execution via Unsecured Function
CVE-2026-3400
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEdit...
7.4
CliniNET Web Interface: Unnormalized Parameters Enable Code Injection
CVE-2025-30044
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlog...
9.4
OpenClaw agents.files allows malicious file read and write
GHSA-fgvx-58p6-gjwc
Impact: The gateway `agents.files.get` and `agents.files.set` methods allowed symlink traversal for allowlisted workspace files. A symlinked allowl...
9.3
OpenClaw Windows ACPX wrapper allows malicious command execution
GHSA-6f6j-wx9w-ff4j
Summary: On Windows ACPX paths, wrapper resolution for `.cmd`/`.bat` could fall back to shell execution in ways that allowed `cwd` influence to alt...
9.3
AVideo Plugin Upload Allows Attackers to Run Malicious Code
CVE-2026-28502
GHSA-v8jw-8w5p-23g3
Summary: An authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The...
9.3
DobryCMS: Malicious Code Can Be Injected via URL
CVE-2025-12462
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resu...
9.3
MySQL Authentication Module Allows Unauthenticated Access
CVE-2026-2584
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:...
9.3
Idno URL Unfurl Service Exposes Server to Unauthenticated Access
CVE-2026-28508
GHSA-fcrh-fqxh-6fx6
Summary: A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any ...
9.2
Chamilo Learning Management System: SSRF Vulnerability
CVE-2025-50199
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter...
7.7