CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

CVE-2026-4898

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The...

EUVD-2026-16740

A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. If...

CVE-2024-11604 Insertion of Sensitive Information into Log File

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

CVE-2026-4842

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is possible...

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4898

The CVE-2026-4898 issue affects code-projects Online Food Ordering System 1.0. It resides in an unknown function of /dbfood/contact.php where manipulating the Name parameter triggers cross-site scripting. The vulnerability is exploitable remotely, and an exploit is publicly available. No specific...

CVE-2026-2239 Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

CVE-2026-4838

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be us...

CVE-2026-4838

SourceCodester Malawi Online Market 1.0 contains a SQL injection in an unknown function within /display.php triggered by manipulating the argument ID. This allows remote exploitation and an exploit has been published. The CVE notes the impact as low for confidentiality/integrity/availability with...

Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15848)

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...

EUVD-2026-15740

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

EUVD-2026-13694

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

Sercomm SCE4255W 安全漏洞

Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W DG3934v3@2308041842 had security vulnerabilities. These vulnerabilities stemmed from path traversal vulnerabilities in the /ftl/web/setup.cgi file, which could allow...

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVE-2026-32842

CVE-2026-32842 affects Edimax GS-5008PL firmware versions 1.00.54 and earlier. The root cause is insecure credential storage: admin credentials are stored in plaintext in configuration backup files (config.bin) and can be accessed by downloading the backup via fupload.cgi, enabling unauthorized a...

EUVD-2025-208805

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-66000

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

Unraid 路径遍历漏洞

Unraid is a set of operating systems developed by Unraid Corporation, primarily intended for individuals and small businesses. Unraid has a path traversal vulnerability; this issue stems from the lack of validation for the paths provided by users in the auth-request.php file, which may lead to pa...

SUSE CVE-2025-70873

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...