Kalcaddle Kodbox 安全漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the 1.64 version of Kalcaddle Kodbox. This vulnerability stems from incorrect handling of the parameter “third” in the component loginSubmit...

CVE-2026-4542 SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

CVE-2026-4542

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2026-4537

CVE-2026-4537 affects Cudy TR1200 firmware version R46-2.4.15-20250721-164017. The vulnerability lies in the Lua-based web UI controller at /usr/bin/lib/lua/luci/controller/ipsec.lua, within the function action_ipsec_conn. Exploitation involves command injection via manipulation of this function,...

SUSE CVE-2026-33022

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...

PT-2026-26973

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

PT-2026-26968

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action ipsec conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2026-4514

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...

CVE-2026-4514 PbootCMS Backend UserController.php access control

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be perform...

EUVD-2026-14242

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

CVE-2026-4510 PbootCMS Parameter MemberController.php alert_location cross site scripting

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alertlocation of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

EUVD-2026-13931

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

PT-2026-26883

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is...

PbootCMS 访问控制错误漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier contain a security vulnerability related to access control. This vulnerability stems from an unknown function in the Backend component file...

PbootCMS 代码注入漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the backurl parameter in the alertlocation function within the...