PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter str replace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

PT-2026-33814

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller Step.InsertSubmit and EditSubmit before being rendered by View Step.RenderViewSteps. An authenticated staff member can injec...

PT-2026-33760

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

Yifang CMS 安全漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the parameter “Account” in the “Extended Management Modul...

PT-2026-33822

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT Report::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

F5 Networks BIG-IP : Intel UEFI vulnerability (K000160902)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000160902 advisory. Improper input validation in the UEFI WheaERST module for some IntelR reference platforms may allow an escalation of...

OpenMage Magento Lts（Magento） 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from the Dataflow module’s use of a weak blacklist filter to prevent path traversal...

PT-2026-33722

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

PT-2026-33755

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang backend account/logic/admin/L rbac admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting...

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the title parameter in the...

Qibo CMS 安全漏洞

Qibo CMS is a content management system developed by Qibo CMS Inc., designed for website construction and content publishing. Version 1.0 of Qibo CMS has a security vulnerability, which stems from improper handling of an unknown feature of the Internal Message Module component. This vulnerability...

📄 OpenEMR 8.0.0.2 Remote Code Execution

This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...

PT-2026-33723

Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RR42 ADM versions 5.0.0 through 5.1.2.REO1 Description A command injection issue exists in the PPTP VPN Clients of ASUSTOR ADM. This flaw allows an administrative user to bypass the restricted web environment a...

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.4 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of configuration values by the Cassandra export module, which could lead to redirection of monitoring dat...

lmdeploy 安全漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of LMDeploy prior to 0.12.3 contained security vulnerabilities; these vulnerabilities stemmed from the vision-language module’s loadimage function, which did not validate URLs, potentially allowing...

MAL-2026-2921 Malicious code in chandan-module-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in chandan-module-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b92ee71a8547073a6d21685e6190b1769e93db8cbf2be1a57e7e14e8d0d075 The package chandan-module-test was found to contain malicious code. Source: ossf-package-analysis...

WebVuln-Chain-Framework

WebVuln Chain Framework Modular web vulnerability scanner w...

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

Oracle Linux 8 : perl:5.32 (ELSA-2026-8096)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8096 advisory. - Fix CVE-2025-40909 - Clone dirhandles without fchdir - Fix CVE-2023-47038 - Fix CVE-2021-36770 - mitigate @INC pollution when loading ConfigLocal Tenable has...