PT-2026-20280

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions: wppm submit proj...

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

CVE-2026-2620 Huace Monitoring and Early Warning System ProjectRole.aspx sql injection

A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. T...

CVE-2026-2620 Huace Monitoring and Early Warning System ProjectRole.aspx sql injection

A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. T...

CVE-2026-2620

Huace Monitoring and Early Warning System version 2.2 is affected by a SQL injection in the web application path /Web/SysManage/ProjectRole.aspx when the ID parameter is manipulated. The vulnerability is exploitable remotely, with public exploits available, and the vendor has not responded to dis...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

GO-2026-4493 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke...

CVE-2024-31118

Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70...

CVE-2024-31118 WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70...

CVE-2024-31118 WordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70...

WordPress plugin SP Project & Document Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Huace Monitoring and Early Warning System SQL注入漏洞

The Huace Monitoring and Early Warning System is a geological structure and safety monitoring platform developed by Huace Corporation. Version 2.2 of the Huace Monitoring and Early Warning System contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of...

PT-2026-20211

Name of the Vulnerable Software and Affected Versions Smartypants SP Project & Document Manager versions through 4.70 Description An authorization issue exists in Smartypants SP Project & Document Manager. The issue involves incorrectly configured access control security levels, potentially...

PT-2026-20337

Name of the Vulnerable Software and Affected Versions Huace Monitoring and Early Warning System version 2.2 Description A weakness exists in Huace Monitoring and Early Warning System 2.2, specifically within an unknown functionality of the /Web/SysManage/ProjectRole.aspx file. Manipulating the ID...

PT-2026-41683

Name of the Vulnerable Software and Affected Versions ChromaDB versions 1.0.0 through 1.5.8 Description A pre-authentication code injection issue exists in the ChromaDB Python project. An unauthenticated remote attacker can execute arbitrary code on the server by sending a request to the...

BIT-GITLAB-2026-1282 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles...

CVE-2026-2536

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...

Parth--SQLI-Detection-Tool

No d...

CVE-2025-70121

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method NASMobileIdentity5GS.go when accessing index 5 of ...