CVE-2026-2974

AliasVault App (up to 0.25.3) on Android/iOS contains a vulnerability in the Backup Handler that manipulates tokens inside shared_prefs/aliasvault.xml (accessToken/refreshToken/metadata/key_derivation_params/auth_methods). This can expose backup files to an unauthorized control sphere through a l...

CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

DEBIAN-CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

UBUNTU-CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

CVE-2026-2969

CVE-2026-2969 affects datapizza-labs datapizza-ai 0.0.2, specifically the Jinja2 Template Handler’s ChatPromptTemplate in datapizza-ai-core/datapizza/modules/prompt/prompt.py. The vulnerability arises from manipulation of the Prompt argument that leads to improper neutralization of special elemen...

UBUNTU-CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

TOTOLINK X6000R 安全漏洞

The TOTOLINK X6000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK X6000R v9.4.0cu.1498B20250826 version contains a security vulnerability. This vulnerability stems from improper cleanup of the hosttime parameter in the NTPSyncWithHost handler, which may allow...

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

PT-2026-21494

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

Datapizza AI 安全漏洞

Datapizza AI is an open-source development framework for intelligent agents by Datapizza. Version 0.0.2 of Datapizza AI contains a security vulnerability. This vulnerability stems from incorrect handling of parameters Prompt in the function ChatPromptTemplate of the Jinja2 Template Handler...

CVE-2025-69700

CVE-2025-69700 affects Tenda FH1203 V2.0.1.6. The vulnerability is a stack-based buffer overflow in the function modify_add_client_prio, reachable via the formSetClientPrio CGI handler. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Network attack, low complexity, no user interaction, high impact...

CVE-2026-2957

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely...

CVE-2026-2957

In qinming99 dst-admin up to v1.5.0, the deleteBackup function in BackupController.java (File Handler component) is vulnerable to a remote Denial of Service. Public exploit details exist (PT-2026-21468), and upgrading to v1.5.1 is recommended; as a workaround, restrict access to deleteBackup unti...

CVE-2026-2957 qinming99 dst-admin File BackupController.java deleteBackup denial of service

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely...

CVE-2026-2957

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely...

CVE-2026-2947

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...