
3152 matches found

ATTACKERKB
added 2026/04/28 3:45 a.m. | 2 views

CVE-2026-7222

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

5.1 CVSS | 3.9 AI score | 0.00036 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35712

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save category of the file /admin/ajax.php?action=save category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5 CVSS | 6.2 AI score | 0.00043 EPSS
Exploits: 0 | References: 7
Oracle linux
added 2026/04/28 12:0 a.m. | 8 views

oci-utils security update

-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...

5.3 AI score
Exploits: 0
Vulnrichment
added 2026/04/28 12:0 a.m. | 1 views

CVE-2026-40355

In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...

5.9 CVSS | 5.4 AI score | 0.00108 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/28 12:0 a.m. | 2 views

SourceCodester Pharmacy Sales and Inventory System Cross-Site Scripting Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

5.3 CVSS | 5.6 AI score | 0.00039 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/28 12:0 a.m. | 3 views

Execution System MCP Server Path Traversal Vulnerability

The Execution System MCP Server is an AI-native execution system server developed by Brian Elinsky. Version 0.1.0 of the Execution System MCP Server contains a path traversal vulnerability. This vulnerability arises from the parameter context in the getcontextfilepath function of the addaction...

7.5 CVSS | 7.3 AI score | 0.0015 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35654

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

5.1 CVSS | 3.7 AI score | 0.00036 EPSS
Exploits: 1 | References: 8
ATTACKERKB
added 2026/04/27 8:45 p.m. | 2 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

7.5 CVSS | 7 AI score | 0.0212 EPSS
Exploits: 0 | References: 5
CVE
added 2026/04/27 12:0 p.m. | 5 views

CVE-2026-7122

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates on Totolink A8000RU CGIs, specifically the cstecgi.cgi setUPnPCfg parameter, for potential OS command injection information.

10 CVSS | 8.2 AI score | 0.01221 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/04/27 11:0 a.m. | 2 views

EUVD-2026-25831

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

6.5 CVSS | 5.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/04/27 10:45 a.m. | 3 views

EUVD-2026-25830

A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released ...

5.3 CVSS | 4.1 AI score | 0.00043 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35529

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

10 CVSS | 8.3 AI score | 0.01221 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/27 12:0 a.m. | 1 views

PT-2026-35505

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php...

5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/27 12:0 a.m. | 2 views

MkDocs MCP Plugin Path Traversal Vulnerability

MkDocs MCP Plugin is an open-source document intelligent search and integration tool developed by Dou. Versions of MkDocs MCP Plugin prior to 0.4.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of parameters docsdir and filepath in the...

7.5 CVSS | 7.1 AI score | 0.00099 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 1 views

PT-2026-35530

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider mcp server/server.py of the component aider ai code. This manipulation of the argument relative editable files causes...

7.5 CVSS | 7 AI score | 0.0212 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/04/25 5:30 p.m. | 1 views

CVE-2026-6990

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...

5.1 CVSS | 3.6 AI score | 0.00013 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/04/25 12:0 a.m. | 3 views

PT-2026-35155

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The...

5.8 CVSS | 5.1 AI score | 0.0002 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/25 12:0 a.m. | 0 views

PT-2026-35161

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...

5.1 CVSS | 3.6 AI score | 0.00013 EPSS
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/23 11:58 p.m. | 1 views

CVE-2026-29050 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

6.1 CVSS | 5.5 AI score | 0.00015 EPSS
Exploits: 0 | References: 1
Snyk
added 2026/04/23 3:7 p.m. | 3 views

Directory Traversal

Overview: psitransfer is a simple open source self-hosted file sharing solution. Affected versions of this package are vulnerable to Directory Traversal through the Store.getFilename path resolution in the upload storage component. An attacker can escape the upload jail and read or overwrite files...

7.7 CVSS | 6.3 AI score | 0.00055 EPSS
Exploits: 0 | References: 2