CVE-2024-56808

CVE-2024-56808 affects Media Streaming add-on. A command injection vulnerability exists that can be exploited by an attacker with local network access and a valid user account to execute arbitrary commands. The issue is mitigated by upgrading to Media Streaming add-on version 500.1.1.6 (released ...

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

PT-2026-7529

Name of the Vulnerable Software and Affected Versions Media Streaming add-on versions prior to 500.1.1.6 Description An out-of-bounds read issue exists in Media Streaming add-on. An attacker with local network access can exploit this to obtain secret data. Recommendations Update to Media Streamin...

QNAP Systems Media Streaming add-on 操作系统命令注入漏洞

The QNAP Systems Media Streaming add-on is a multimedia enhancement plugin developed by QNAP Systems, a company from Taiwan, China. The QNAP Systems Media Streaming add-on has a vulnerability related to operating system command injection. This vulnerability stems from command injections, which ma...

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

CVE-2026-2214

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2213

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The...

CVE-2026-2165

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/addseller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be...

CVE-2026-2213

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The...

CVE-2026-2214

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2213

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The...

CVE-2026-2214

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2214

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2214 code-projects for Plugin AdminAddAlbum.php cross site scripting

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2214

CVE-2026-2214 affects code-projects for Plugin 1.0, with the weakness located in an unknown part of /Administrator/PHP/AdminAddAlbum.php. The issue arises from manipulating the txtalbum argument, enabling a cross-site scripting (XSS) flaw that can be triggered remotely. Multiple connected sources...

CVE-2026-2213 code-projects Online Music Site AdminAddAlbum.php unrestricted upload

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The...

CVE-2026-2213

The CVE-2026-2213 entry concerns code-projects Online Music Site 1.0 with an unrestricted upload vulnerability in /Administrator/PHP/AdminAddAlbum.php. The issue stems from manipulating the txtimage argument, enabling remote attackers to upload files without restriction. Multiple connected source...

CVE-2026-2201

CVE-2026-2201 affects ZeroWdd studentmanager. The flaw is in LeaveController.addLeave where manipulating the Reason for Leave parameter triggers cross-site scripting. Attack may be remote; exploit disclosed publicly. No specific affected version information is provided; project has not been activ...

PT-2026-7045

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cros...

Code-Projects Online Music Site 代码问题漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has code-related vulnerabilities. These vulnerabilities stem from incorrect handling of the txtimage parameter in the...