CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

CVE-2026-6615

CVE-2026-6615 — TransformerOptimus SuperAGI Multipart Upload path traversal Affected: TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the Multipart Upload Handler, specifically the Upload function in superagi/controllers/resources.py. Manipulating the Name argument enables pat...

EUVD-2026-23780

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

EUVD-2026-23783

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-6610

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVE-2026-6610 liangliangyy DjangoBlog Setting settings.py hard-coded credentials

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-6595

ProjectsAndPrograms School Management System, up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59, contains a vulnerability in buslocation.php (HTTP GET Parameter Handler). Manipulating the bus_id parameter causes an SQL injection, with remote attack possible and a publicly available exploit. The prod...

EUVD-2026-23714

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launch...

EUVD-2026-23710

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

FastChat 安全漏洞

FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the addtext function in the Arena...

BichitroGan ISP Billing Software 安全漏洞

BichitroGan ISP Billing Software is an internet service provider billing and customer management system developed by BichitroGan Company in Bangladesh. The version 2025.3.20 of BichitroGan ISP Billing Software contains a security vulnerability. This vulnerability arises from improper handling of...

BichitroGan ISP Billing Software 安全漏洞

BichitroGan ISP Billing Software is an internet service provider billing and customer management system developed by BichitroGan Company in Bangladesh. The version 2025.3.20 of BichitroGan ISP Billing Software contains a security vulnerability. This vulnerability arises from improper handling of...

PT-2026-33828

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first...

PT-2026-33716

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

PT-2026-33749

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

PT-2026-33743

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /? route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

Cockpit 安全漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit prior to 2.13.5 contained security vulnerabilities, which were caused by improper neutralization of special elements in the data query logic handled by the Asset Handler/Aggregate Handler...

PT-2026-33690

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus id leads to sql...