439 matches found
CVE-2026-22659
FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...
CVE-2026-14775
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...
CVE-2026-14775
The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function in the file /process_lesson.php where manipulation of the argument user_id leads to unrestricted upload. The attack can be launched remotely, and an exploit is publicly available. T...
CVE-2026-14745
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2026-14732
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /editexam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
PT-2026-55832
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...
CVE-2026-14621
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
PT-2026-55733
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...
EUVD-2026-41565
A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...
CVE-2026-14608
SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 is affected. The vulnerability resides in the POST Handler’s /index.php?action=view_student where manipulating the ID argument bypasses authorization. Remote exploitation is possible, and the exploit has been publicly di...
EUVD-2026-40055
A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13491 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
CVE-2026-13491
The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...
CVE-2026-13491
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
PT-2026-53163
Name of the Vulnerable Software and Affected Versions volcengine OpenViking versions prior to 0.3.22 Description Insufficient verification of data authenticity exists within the Local VectorDB Primary-key Label Handler component. The issue occurs in the str to uint64 function located in the...
PT-2026-53104
Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A remote denial of service can be triggered through the manipulation of the session id argument. This issue resides within the Application::GetInstance function located in the main/protocols/mq...
CVE-2026-44732
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...
CVE-2026-7200
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...