11444 matches found
CVE-2026-3135 itsourcecode News Portal Project add-category.php SQL injection
A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2026-3135
CVE-2026-3135 affects itsourcecode News Portal Project 1.0. The vulnerable element is an unknown function in /admin/add-category.php where the Category argument can be manipulated to trigger an SQL injection. This allows remote initiation of an attack, and public exploit availability is noted. Mu...
itsourcecode News Portal Project SQL injection vulnerability
itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Category parameter in the admin/add-category.php...
PT-2026-21925
Name of the Vulnerable Software and Affected Versions: Linksys MR9600 version 1.0.4.205530; Linksys MX4200 version 1.0.13.210200. Description: A lack of proper authentication allows a user with physical access to the device to misuse the mesh functionality. This can lead to gaining access to sensitiv...
PT-2026-22055
Name of the Vulnerable Software and Affected Versions: mcp-server-git versions prior to 2026.1.14. Description: The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...
PT-2026-21942
Name of the Vulnerable Software and Affected Versions: Plane versions prior to 1.2.2. Description: A Server-Side Request Forgery (SSRF) flaw exists in the "Add Link" feature of Plane, allowing an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network...
kernel security update
6.12.0-124.39.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
SPIP referer_spam security vulnerability
SPIP referer_spam is an extension plugin developed by the SPIP company. Versions of SPIP referer_spam prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the fact that the operations refererspamajouter and refererspamsupprimer directly inserted URL parameters into SQL...
PT-2026-21814
Name of the Vulnerable Software and Affected Versions: itsourcecode News Portal Project version 1.0. Description: A flaw exists in itsourcecode News Portal Project 1.0 that allows for SQL injection. The issue is located in the file /admin/add-category.php within an unknown function. The Category...
WordPress plugin Disable Admin Notices – Hide Dashboard Notifications cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-69700
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modifyaddclientprio function, which is reachable via the formSetClientPrio CGI handler...
CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-2939
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443
Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...