EUVD-2026-31665

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

PT-2026-42928

Name of the Vulnerable Software and Affected Versions hermes-agent versions prior to 2026.4.17 Description A remote attack can be launched against the Environment Variable Handler component. The issue resides in the execute code function within the tools/code execution tool.py file, where...

CVE-2026-6624

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has bee...

EUVD-2026-19119

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-4243

A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument APIKEYWEBSOCKETCV can lead to unprotected storage of...

EUVD-2026-12265

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

PT-2026-23925

A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit is publicly...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

EUVD-2026-5806

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2131

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function inputtext. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

EUVD-2026-4849

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...

CVE-2026-0837 UTT 进取 520W formFireWall strcpy buffer overflow

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...

PT-2025-53386

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A path traversal weakness exists in Tenda CH22 version 1.0.0.1. This issue impacts an unknown function within the /public/ file. Remote attackers can exploit this to perform path traversal. The exploit is...

EUVD-2025-203301

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available a...

CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

PT-2025-47155

Name of the Vulnerable Software and Affected Versions 1000projects Design & Development of Student Database Management System version 1.0 Description A flaw exists in 1000projects Design & Development of Student Database Management System version 1.0 that allows for remote SQL injection. The issu...

CVE-2025-13171

A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkanlist.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

EUVD-2025-197643

A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be use...

EUVD-2025-38252

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

PT-2025-44755

Name of the Vulnerable Software and Affected Versions fushengqian fuint affected versions not specified Description A flaw exists in fushengqian fuint related to the Authentication Token Handler component, specifically within the file...