
22149 matches found

Positive Technologies
added 2026/02/26 12:0 a.m., 8 views

PT-2026-22191

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A flaw exists in itsourcecode School Management System 1.0 related to SQL injection. The issue is located in the file /settings/index.php within the Setting Handler component...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00326
Exploits: 1, References: 11

Positive Technologies
added 2026/02/26 12:0 a.m., 3 views

PT-2026-22236

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial o...

CVSS: 5.3, AI score: 4.8, EPSS: 0.00561
Exploits: 1, References: 5

Positive Technologies
added 2026/02/26 12:0 a.m., 7 views

PT-2026-22227

Name of the Vulnerable Software and Affected Versions: PSI Probe versions up to 5.3.0. Description: A flaw exists in PSI Probe that involves improper access controls. This issue is related to a function within the...

CVSS: 5.5, AI score: 6, EPSS: 0.00226
Exploits: 1, References: 8

OSV
added 2026/02/25 11:20 p.m., 5 views

CVE-2026-27799 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS: 4, AI score: 6, EPSS: 0.00123
Exploits: 0, References: 5

EUVD
added 2026/02/25 6:31 p.m., 6 views

EUVD-2026-8691

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

CVSS: 6.3, AI score: 4.8, EPSS: 0.00561
Exploits: 1, References: 4

OSV
added 2026/02/25 6:23 p.m., 5 views

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVSS: 7, AI score: 5
Exploits: 0, References: 4

NVD
added 2026/02/25 6:23 p.m., 9 views

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVSS: 7, EPSS: 0.00217
Exploits: 1, References: 4

OSV
added 2026/02/25 5:25 p.m., 5 views

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

CVSS: 8.1, AI score: 5.1, EPSS: 0.00561
Exploits: 1, References: 3

NVD
added 2026/02/25 5:25 p.m., 8 views

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

CVSS: 8.1, EPSS: 0.00561
Exploits: 1, References: 3

RedhatCVE
added 2026/02/25 4:17 p.m., 6 views

CVE-2026-3101

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

CVSS: 8.8, AI score: 5.4, EPSS: 0.03494
Exploits: 1, References: 1

CVE
added 2026/02/25 4:2 p.m., 14 views

CVE-2026-3192

Chia Blockchain 2.1.0 is affected by CVE-2026-3192. The vulnerability resides in the RPC Credential Handler’s rpc_server_base.py function _authenticate, enabling improper authentication. It can be exploited remotely, with high attack complexity and considered difficult to exploit. The CVE entry n...

CVSS: 8.1, AI score: 4.8, EPSS: 0.00561
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/25 8:25 a.m., 3 views

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of call_user_func_array with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00553
Exploits: 0, References: 5

Cvelist
added 2026/02/25 8:25 a.m., 24 views

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of call_user_func_array with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

CVSS: 8.8, EPSS: 0.00553
Exploits: 0, References: 5

OSV
added 2026/02/25 6:16 a.m., 2 views

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00275
Exploits: 1, References: 5

NVD
added 2026/02/25 6:16 a.m., 6 views

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS: 7.5, EPSS: 0.00275
Exploits: 1, References: 5

CVE
added 2026/02/25 5:32 a.m., 12 views

CVE-2026-3163

CVE-2026-3163 affects SourceCodester Website Link Extractor 1.0, with a vulnerability in the URL Handler’s file_get_contents that enables server-side request forgery. The issue can be triggered remotely, and disclosures/public exploitation have been reported in the provided documents. No remediat...

CVSS: 7.5, AI score: 5.1, EPSS: 0.00275
Exploits: 1, References: 5, Affected Software: 1

ATTACKERKB
added 2026/02/25 5:32 a.m., 4 views

CVE-2026-3163

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVSS: 7.5, AI score: 5.1, EPSS: 0.00275
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2026/02/25 12:0 a.m., 8 views

PT-2026-22042

Name of the Vulnerable Software and Affected Versions: fosrl Pangolin versions up to 1.15.4-s.3. Description: A flaw exists in the Role Handler component of fosrl Pangolin. Specifically, the verifyRoleAccess/verifyApiKeyRoleAccess function is susceptible to manipulation, resulting in improper access...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00306
Exploits: 0, References: 11

CNNVD
added 2026/02/25 12:0 a.m., 9 views

chia-blockchain authorization issue vulnerability

ChiaBlockchain is a Python library for Chia Network’s open-source project. Version 2.1.0 of ChiaBlockchain contains an authorization vulnerability. This vulnerability stems from improper authentication practices in the _authenticate function within the rpc_server_base.py file of the component’s RPC...

CVSS: 8.1, AI score: 6.2, EPSS: 0.00561
Exploits: 1, References: 4

CNNVD
added 2026/02/25 12:0 a.m., 8 views

SourceCodester Website Link Extractor code issue vulnerability

SourceCodester Website Link Extractor is an open-source website link extractor developed by SourceCodester. Version 1.0 of SourceCodester Website Link Extractor has code-related vulnerabilities; these vulnerabilities stem from issues with the file_get_contents function in the URL Handler component,...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00275
Exploits: 1, References: 5