Published threat advisories for May 30, 2026

A cross-site scripting vulnerability in a content management system's search function could allow remote attackers to execute scripts. This presents a business risk to organizations, as published exploits may be in use. Affected systems could face unauthorized data access or modification.

NVD published: May 30, 2026

A vulnerability in the book endpoint of TaleLin lin-cms-spring-boot allows improper access controls. This could affect data integrity and system availability for organizations. An attacker with remote access may exploit this issue, posing a business risk.

NVD published: May 30, 2026

A command injection vulnerability exists in the POST Request Handler component, allowing remote attackers to execute commands by manipulating an argument. This impacts affected organizations by potentially compromising systems and data. The exploit is publicly available, presenting a risk of unauthorized command execut

NVD published: May 30, 2026

A remote code execution vulnerability affects a router's Quality of Service function. Attackers can exploit this buffer overflow remotely, potentially compromising affected systems and data. The public availability of an exploit increases business risk.

NVD published: May 30, 2026

A vulnerability affecting a network device's POST Request Handler may allow remote attackers to cause a stack-based buffer overflow by manipulating an argument. Publicly available exploit information suggests a risk to organizations with affected systems. The realistic business risk involves potential compromise of net

NVD published: May 30, 2026

A vulnerability exists in the Zserv Handler component of Shibby Tomato firmware. A stack-based buffer overflow can occur remotely via manipulation of the rip_zebra_read_ipv4 function. This could impact system integrity and availability. The exploit has been publicly disclosed. This vulnerability affects products that a

NVD published: May 30, 2026

A vulnerability in a TRENDnet router's domain filter function could allow remote attackers to gain control. The vendor states the product is end-of-life and unsupported, making fixes unavailable. This presents a business risk to organizations using the affected devices.

NVD published: May 30, 2026

A vulnerability impacts a TRENDnet device's protocol filtering function, allowing remote exploitation via buffer overflow. The product is unsupported, posing significant risk as remediation is infeasible. Organizations should identify and isolate such devices.

NVD published: May 30, 2026

A vulnerability in a TRENDnet device allows remote attackers to cause a stack-based buffer overflow. This could lead to unauthorized system control for organizations using this unsupported, end-of-life hardware. The vendor is unable to provide a fix due to the product's age.

NVD published: May 30, 2026

A vulnerability in WinMTR allows a denial of service if the application processes a malformed file. This could lead to application crashes, impacting network troubleshooting for employees. The risk stems from attackers sending crafted input that triggers a buffer overflow.

NVD published: May 30, 2026

SQL injection in Yot CMS allows unauthenticated attackers to extract database information by injecting malicious code through specific parameters. This impacts organizations by exposing sensitive data, potentially leading to unauthorized access and compromise of data integrity. The risk arises from external attackers e

NVD published: May 30, 2026

An SQL injection vulnerability in the Gate Pass Management System allows unauthenticated attackers to bypass login. This can lead to unauthorized access to the application, potentially exposing data and disrupting operations. The business risk is heightened due to the ease of exploitation and the potential for unauthor

NVD published: May 30, 2026

A SQL injection vulnerability in the MOGG web simulator script allows unauthenticated attackers to execute unauthorized SQL commands and extract sensitive database information. This presents a risk of data breaches and unauthorized access to organizational data.

NVD published: May 30, 2026

A path traversal vulnerability in Open STA Manager allows authenticated users to download arbitrary files, potentially exposing sensitive system information. This impacts organizations by creating a risk of unauthorized data disclosure through manipulated file requests.

NVD published: May 30, 2026

An SQL injection vulnerability exists in the AiOPMSD Final 1.0.0 software, allowing unauthenticated attackers to access sensitive database information. This could impact data integrity and confidentiality by enabling the extraction of usernames and other details. The risk to affected organizations is high due to the po

NVD published: May 30, 2026

The AiOPMSD Final 1.0.0 software is vulnerable to unauthorized database access. Attackers can exploit this by injecting malicious code to extract sensitive information, posing a risk to organizational data and operations.

NVD published: May 30, 2026

A vulnerability in AiOPMSD Final 1.0.0 enables unauthenticated attackers to access sensitive database information. This SQL injection flaw allows the extraction of usernames and database names, posing a business risk through potential data exposure.

NVD published: May 30, 2026

An SQL injection vulnerability exists in AiOPMSD that allows unauthenticated attackers to extract sensitive database information. This impacts affected systems and the data they store, creating risk for organizations.

NVD published: May 30, 2026

A vulnerability in AiOPMSD Final 1.0.0 allows unauthenticated attackers to inject malicious SQL code through the country parameter. This could expose sensitive database information such as usernames and database names, posing a business risk to data confidentiality.

NVD published: May 30, 2026

An SQL injection vulnerability in the director parameter of AiOPMSD Final 1.0.0 allows unauthenticated attackers to extract sensitive database information by executing arbitrary SQL queries. This poses a risk to data confidentiality and integrity.

NVD published: May 30, 2026

A vulnerability in AiOPMSD Final 1.0.0 allows unauthenticated attackers to extract sensitive database information through SQL injection. This could lead to unauthorized access to usernames, database names, and system details, posing a business risk.

NVD published: May 30, 2026

A vulnerability in AiOPMSD allows unauthenticated attackers to inject SQL commands, risking the exposure of sensitive database information. This affects organizations by potentially compromising data confidentiality through unauthorized access to user and database details. The risk arises from the ability to extract in

NVD published: May 30, 2026

An arbitrary file upload vulnerability affects Delta Sql, allowing unauthenticated attackers to upload and execute malicious files. This can lead to remote code execution, posing a business risk of system compromise and data breaches.

NVD published: May 30, 2026

MGB OpenSource Guestbook has an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive database information. This poses a risk to data confidentiality and integrity for organizations using the software.

NVD published: May 30, 2026

An SQL injection vulnerability in SIM-PKH allows authenticated attackers to execute arbitrary SQL queries via the 'id' parameter. This impacts organizations by enabling data theft, potentially exposing usernames and database names. Business risk includes compromised data confidentiality and system integrity.

NVD published: May 30, 2026

An arbitrary file upload vulnerability in SIM-PKH allows authenticated attackers to execute malicious PHP code as web scripts. This could lead to unauthorized system access and data compromise, posing a significant business risk.

NVD published: May 30, 2026

A path traversal vulnerability in the Open ISES Project's download feature allows unauthorized access to arbitrary files. This can lead to the exposure of sensitive data and impact system integrity. The realistic business risk includes potential data breaches and unauthorized access to configuration or system files.

NVD published: May 30, 2026

A vulnerability in the eNdonesia Portal allows unauthenticated attackers to inject SQL queries. This could lead to the extraction of sensitive database information, impacting data integrity and posing a business risk. Organizations should identify affected assets and restrict external access.

NVD published: May 30, 2026

SQL injection vulnerabilities in eNdonesia Portal allow unauthenticated attackers to extract database credentials and user information. This impacts data confidentiality and system integrity, posing a business risk due to potential data breaches and unauthorized access.

NVD published: May 30, 2026

SQL injection vulnerabilities in eNdonesia Portal's mod.php file allow unauthenticated attackers to execute arbitrary SQL queries. This can lead to the extraction of sensitive database information, impacting organizational data confidentiality and integrity. The business risk involves potential data breaches and unauth

NVD published: May 30, 2026

A vulnerability in a TRENDnet router function can allow remote attackers to cause a buffer overflow, potentially leading to system compromise. As the product is end-of-life and unsupported, no vendor fix is available, and the exploit is public. This poses a risk to any remaining deployed devices.

NVD published: May 30, 2026

A vulnerability in TRENDnet devices, specifically the formSetMACFilter function, allows remote attackers to cause a stack-based buffer overflow. This impacts unsupported products, as the vendor has ended support for this device 15 years ago. Organizations using this equipment face business risk due to the public disclo

NVD published: May 30, 2026