Code-Projects Coaching Management System 注入漏洞

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...

PT-2026-35660

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

PT-2026-35649

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read docx/read xlsx/read pptx/list xlsx sheets/read pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path...

PT-2026-35669

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

PT-2026-35694

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file exten asp of the file file exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The...

PT-2026-35693

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

PT-2026-35690

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

MCP-GMX-VMD 注入漏洞

MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained a injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the fileexten.asp function in the File Extension Handler...

PT-2026-35824

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

Cisco IOS XR Software Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco IOS XR Software due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds, after whi...

Cisco IOS XE Software Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco IOS XE Software due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds, after whi...

Cisco NX-OS Software Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco NX-OS Software due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds, after which...

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

EUVD-2026-25928

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVE-2026-7156

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVE-2026-7154

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument ttyserver can lead to os command injection. The attack can be launched...

CVE-2026-7155

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...