CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CodeAstro Online Job Portal SQL Injection Vulnerability

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file/users/applicationstatus.php, which may lead to SQL...

WordPress hk_shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin hkshortcode versions = 1.0...

CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

SourceCodester Indian Invoicing System 访问控制错误漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. An Access Control Error vulnerability exists in SourceCodester Indian Invoicing System version 1.0, which stems from improper access control of the Backend Endpoint component...

KLiK SocialMediaWebsite 安全漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A security vulnerability exists in KLiK SocialMediaWebsite version 1.0, which originates in the HTTP POST Request Parameter Handler component and could lead to injection...

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

Astra Linux - уязвимость в rabbitmq-server

Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-9.fc42

NGINX module for Brotli compression...

PT-2026-39962

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission callback of ' return true', which bypasses...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter fname in the file /addnewfaculty, which may lead to SQL injection...

EUVD-2025-209444

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...

PT-2026-32657

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...

EUVD-2026-21852

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

CVE-2026-6032 code-projects Simple Laundry System checkcheckout.php cross site scripting

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-39629

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

EUVD-2026-21244

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be...

CVE-2026-39344

ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting XSS vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly...