JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...
CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-9565 haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...
CVE-2026-7122
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions <= 3.9.4...
CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
CVE-2026-21980
...
CVE-2026-21936
CVE-2026-21936 affects Oracle MySQL Server, specifically the InnoDB component. Affected versions are MySQL 8.0.0–8.0.44, 8.4.0–8.4.7, and 9.0.0–9.5.0. The flaw enables a high-privilege attacker with network access via multiple protocols to cause a hang or a complete DoS on MySQL Server. Several c...
CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...
CVE-2023-4185
A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack...
PT-2025-53787
Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions up to 3.2.0 Description: A flaw exists in SohuTV CacheCloud that allows for cross site scripting. This issue is related to the taskQueueList function within the file...
CVE-2025-11473
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /editcurr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
EUVD-2025-29756
Malicious code in bioql PyPI...
EUVD-2024-16959
Malicious code in bioql PyPI...
EUVD-2024-27649
Malicious code in bioql PyPI...
EUVD-2024-32944
Malicious code in bioql PyPI...
PT-2025-37426
Name of the Vulnerable Software and Affected Versions: Baptism Information Management System version 1.0 Description: A SQL injection issue exists in the /listbaptism.php file due to manipulation of the bapt id argument. This allows for remote attacks. The exploit has been publicly disclosed...
PT-2025-32471 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A critical issue exists in LitmusChaos Litmus related to permission issues stemming from unknown processing within the LocalStorage Handler component. The issue can be initiated remotely,...
CVE-2025-8542
A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresascad.php. The manipulation of the argument fantasia/razaosocial leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-8366
A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educarservidorlst.php. The manipulation of the argument nome/matriculaservidor leads to cross site scripting. The attack may be launch...