
28 matches found

Positive Technologies
added 2026/05/03 12:0 a.m., 3 views

PT-2026-36725

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered in the UDR component. The issue exists within the ogs dbi subscription data function located in the /lib/dbi/subscription.c library, where manipulation of...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00044
Exploits: 0, References: 10

CVE
added 2026/04/27 9:0 p.m., 9 views

CVE-2026-7158

The CVE-2026-7158 entry concerns the dmitryglhf mcp-url-downloader project. The vulnerability affects the function _validate_url_safe in src/mcp_url_downloader/server.py and is triggered by manipulating the url argument, resulting in server-side request forgery (SSRF). The issue is exploitable re...

CVSS: 7.5, AI score: 7, EPSS: 0.00054
Exploits: 0, References: 4

EUVD
added 2026/04/23 12:31 a.m., 2 views

EUVD-2026-25137

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00011
Exploits: 0, References: 5

Positive Technologies
added 2026/04/20 12:0 a.m., 2 views

PT-2026-33716

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVSS: 6.3, AI score: 5.1, EPSS: 0.00042
Exploits: 0, References: 5

RedhatCVE
added 2026/04/14 7:23 p.m., 3 views

CVE-2026-6141

A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

CVSS: 6.5, AI score: 6.3, EPSS: 0.01521
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:6 p.m., 1 view

CVE-2026-4499

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00427
Exploits: 1, References: 1

Positive Technologies
added 2026/03/22 12:0 a.m., 2 views

PT-2026-27018

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote...

CVSS: 9, AI score: 7.8, EPSS: 0.00106
Exploits: 1, References: 10

CVE
added 2026/03/15 5:32 a.m., 2 views

CVE-2026-4167

CVE-2026-4167 affects Belkin F9K1122 firmware 1.00.33. The flaw is in the function formReboot of /goform/formReboot, where manipulation of a webpage parameter causes a stack-based buffer overflow. The vulnerability is exploitable remotely over the network and, per sources, has a publicly disclose...

CVSS: 9, AI score: 8.1, EPSS: 0.00065
Exploits: 0, References: 5

Positive Technologies
added 2025/11/13 12:0 a.m., 4 views

PT-2025-46863

Name of the Vulnerable Software and Affected Versions cameasy Liketea version 1.0.0 Description A security issue exists in cameasy Liketea 1.0.0. The list function within the file laravel/app/Http/Controllers/Front/StoreController.php of the API Endpoint component is susceptible to SQL injection...

CVSS: 7.5, AI score: 7.4, EPSS: 0.0003
Exploits: 0, References: 9

Vulnrichment
added 2025/10/27 10:2 a.m., 2 views

CVE-2025-12260 TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to...

CVSS: 9, AI score: 8.9, EPSS: 0.00314
Exploits: 1, References: 5

RedhatCVE
added 2025/10/10 1:32 a.m., 4 views

CVE-2025-11485

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function adduser of the file /admin.php of the component Manage Users Page. This manipulation of the argument firstname/lastname causes cross site scripting. The attack can be initiated remotely...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00035
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-7502

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00013
Exploits: 0, References: 4

RedhatCVE
added 2025/09/17 3:48 a.m., 4 views

CVE-2025-10424

A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/facultycontroller.php. This manipulation of the argument newimage causes unrestricted upload. The attack is...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00116
Exploits: 1, References: 1

Positive Technologies
added 2025/08/15 12:0 a.m., 6 views

PT-2025-33439 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability was identified in the processing of the file /admin/sms setting.php. Manipulation of the uname argument leads to a SQL injection. The attack may be...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00072
Exploits: 1, References: 11

CVE
added 2025/08/14 11:32 p.m., 15 views

CVE-2025-8989

The connected documents provide concrete details for CVE-2025-8989: a SQL injection vulnerability in SourceCodester COVID 19 Testing Management System 1.0, caused by improper handling of the mobilenumber parameter in /edit-phlebotomist.php. The issue is exploitable remotely and may affect other p...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00072
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2025/08/08 5:15 p.m., 3 views

DEBIAN-CVE-2025-8732

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

CVSS: 4.8, AI score: 3.9, EPSS: 0.00025
Exploits: 0, References: 1

OSV
added 2025/07/18 4:15 p.m., 2 views

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...

CVSS: 6.3, AI score: 6
Exploits: 0, References: 4

NVD
added 2025/07/07 4:15 p.m., 3 views

CVE-2025-7134

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=deleteapplication. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. T...

CVSS: 9.8, EPSS: 0.00277
Exploits: 1, References: 5

NVD
added 2025/06/20 3:15 a.m., 7 views

CVE-2025-6299

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS: 5.8, EPSS: 0.05936
Exploits: 1, References: 5

RedhatCVE
added 2025/05/23 8:21 a.m., 2 views

CVE-2024-1258

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWTKEYADMIN leads to use of hard-coded cryptographic k...

CVSS: 5.9, AI score: 6, EPSS: 0.00091
Exploits: 0, References: 1