CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

CVE-2026-7400

CVE-2026-7400 affects geekgod382’s filesystem-mcp-server (v1.0.0). The issue is in the is_path_allowed function within server.py (read_file_tool/write_file_tool), enabling path traversal. The vulnerability is exploitable remotely, with a publicly disclosed exploit and an official fix in v1.1.0. T...

PT-2026-35430

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit ha...

CVE-2026-7000

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...

EUVD-2026-23702

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remot...

EUVD-2026-19482

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2026-3389

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstdrexnewnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and m...

GHSA-429M-9874-RX9W PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

CVE-2026-3137 CodeAstro Food Ordering System food_ordering.exe stack-based overflow

A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file foodordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed public...

CVE-2026-2223

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initia...

CVE-2026-2085 D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub_419F20 command injection

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

VulnCheck KEV: CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...

EUVD-2025-205575

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-15077

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly...

EUVD-2025-203344

A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/httpeshellserver of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation o...

CVE-2025-12859

CVE-2025-12859 affects DedeBIZ

CVE-2025-11554

Portabilis i-Educar (

CVE-2025-11339

A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub4BD4F8 of the file /webchat/hiblock.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been...

EUVD-2025-24078

Malicious code in bioql PyPI...