
11447 matches found

NVD
added 2026/02/07 7:15 a.m., 5 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

CVSS 8.8, EPSS 0.00262
Exploits: 1, References: 6

ATTACKERKB
added 2026/02/07 6:32 a.m., 4 views

CVE-2026-2076

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

CVSS 6.5, AI score 6.2, EPSS 0.00262
Exploits: 1, References: 6

EUVD
added 2026/02/07 6:32 a.m., 6 views

EUVD-2026-5747

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User...

CVSS 6.5, AI score 5.2, EPSS 0.00262
Exploits: 1, References: 6

CVE
added 2026/02/07 6:32 a.m., 20 views

CVE-2026-2076

A vulnerability (CVE-2026-2076) affects the yeqifu warehouse project, specifically the User Management Endpoint. The flaw resides in the UserController.java functions addUser, updateUser, and deleteUser, causing improper authorization. The issue can be triggered remotely, and public exploitabilit...

CVSS 8.8, AI score 6.2, EPSS 0.00262
Exploits: 1, References: 6, Affected Software: 1

Positive Technologies
added 2026/02/07 12:0 a.m., 7 views

PT-2026-6897

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A flaw exists that can lead to improper authorization. The issue affects the addMenu, updateMenu, and deleteMenu functions within the MenuController.java file located in the...

CVSS 6.5, AI score 5.3, EPSS 0.00262
Exploits: 1, References: 8

Positive Technologies
added 2026/02/07 12:0 a.m., 5 views

PT-2026-6914

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 Description A flaw exists within the Notice Management component of yeqifu warehouse, specifically in the addNotice, updateNotice, deleteNotice, and batchDeleteNotice...

CVSS 6.5, AI score 5.3, EPSS 0.00326
Exploits: 1, References: 8

Positive Technologies
added 2026/02/07 12:0 a.m., 6 views

PT-2026-6883

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A security issue exists in yeqifu warehouse related to improper authorization. The issue is present in the addRole, updateRole, and deleteRole functions within the RoleController.jav...

CVSS 6.5, AI score 5.3, EPSS 0.00262
Exploits: 1, References: 8

Positive Technologies
added 2026/02/07 12:0 a.m., 7 views

PT-2026-6884

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A security issue exists in yeqifu warehouse related to improper authorization. The issue is located within the Permission Management component, specifically in the addPermission,...

CVSS 6.5, AI score 5.3, EPSS 0.00262
Exploits: 1, References: 8

CNNVD
added 2026/02/07 12:0 a.m., 8 views

warehouse authorization issue vulnerability

Warehouse is a small-scale warehouse logistics management system based on Spring Boot, developed by the individual developer Yeqifu. There are authorization issues in Warehouse; these issues stem from incorrect operations in the Department Management component, specifically in the file...

CVSS 8.8, AI score 6.6, EPSS 0.00276
Exploits: 1, References: 7

RedhatCVE
added 2026/02/06 7:34 p.m., 5 views

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVSS 5.1, AI score 5.2, EPSS 0.0014
Exploits: 0, References: 1

NVD
added 2026/02/06 5:16 p.m., 6 views

CVE-2019-25294

html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

CVSS 6.1, EPSS 0.00203
Exploits: 1, References: 3

Vulnrichment
added 2026/02/06 4:41 p.m., 3 views

CVE-2019-25301 thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...

CVSS 6.4, AI score 5.4, EPSS 0.00217
Exploits: 0, References: 3

Vulnrichment
added 2026/02/06 4:41 p.m., 4 views

CVE-2019-25294 html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

CVSS 6.4, AI score 5.4, EPSS 0.00203
Exploits: 1, References: 3

HackRead
added 2026/02/06 12:58 p.m., 6 views

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware

Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…...

AI score 5.3
Exploits: 0

Vulnrichment
added 2026/02/06 8:25 a.m., 4 views

CVE-2026-1499 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the process_add_site AJAX action combined with path traversal in the file upload functionality. This...

CVSS 8.8, AI score 6.2, EPSS 0.0094
Exploits: 0, References: 8

CVE
added 2026/02/06 8:25 a.m., 29 views

CVE-2026-1499

The CVE-2026-1499 issue affects the WP Duplicate (Local Sync) WordPress plugin, versions up to and including 1.1.8. The root cause is a missing capability check on the process_add_site AJAX action, combined with path traversal in the file upload flow, allowing an authenticated (subscriber-level) ...

CVSS 8.8, AI score 6.2, EPSS 0.0094
Exploits: 0, References: 8

Patchstack
added 2026/02/06 6:14 a.m., 6 views

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions <= 1.1.8...

CVSS 9.8, AI score 5.3, EPSS 0.0094
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/02/06 12:20 a.m., 4 views

OSV-2026-203 Segv on unknown address in glslang::TIntermediate::addSymbol

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481635421 Crash type: Segv on unknown address Crash state: glslang::TIntermediate::addSymbol glslang::HlslParseContext::handleFunctionCall glslang::HlslParseContext::transformEntryPoint...

AI score 5.8
Exploits: 0, References: 1

Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6740

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add comment sql.php to execute...

CVSS 6.4, AI score 5.5, EPSS 0.00217
Exploits: 0, References: 4

Positive Technologies
added 2026/02/06 12:0 a.m., 7 views

PT-2026-6736

Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11 Description The software contains a persistent cross-site scripting issue. An attacker can inject malicious scripts through the Remark parameter in the add router operation.php file. By crafting a POST request with a...

CVSS 6.4, AI score 6, EPSS 0.00203
Exploits: 1, References: 5