D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L version 2.13B01 has a security vulnerability. This vulnerability stems from the operation of the curTime parameter in the formAdvNetwork function of the POST Request Handler component, which may lead to a...

PT-2026-31740

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A buffer overflow issue exists in the formVirtualServ function within the POST Request Handler component, specifically in the file /goform/formVirtualServ. The vulnerability is triggered by...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an incorrect operation of the setIptvCfg function in the...

PT-2026-31741

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A flaw exists in the formSetMACFilter function of the /goform/formSetMACFilter file within the POST Request Handler component. Manipulation of the curTime argument can cause a buffer overflow,...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the mode parameter in the setWiFiAclRules...

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China, written in the Java language. Versions of PublicCMS 6.202506.d and earlier contain security vulnerabilities. These vulnerabilities stem from operations on the...

Tenda i3 路径遍历漏洞

The Tenda i3 is a wireless access point device produced by the Chinese company Tenda. The version Tenda i3 1.0.0.62204 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue within the R7WebsSecurityHandler function in the HTTP Handler component, which may...

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...

PT-2026-31723

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU device. The setDmzCfg function within the CGI Handler component, specifically in the /cgi-bin/cstecgi.cgi file, is susceptible to OS comma...

PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-5811 SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVE-2026-35446

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

CVE-2026-35446 LORIS has a path traversal in FilesDownloadHandler

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

EUVD-2026-20580

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the CreateHandler process, which lacks resource limits for query depth, complexity, response size, and rate limiting. An attacker can exhaust server CPU, memory, and bandwidth by...