
18772 matches found

ATTACKERKB
added 2026/05/10 2:15 a.m. | 3 views

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...

4.8 CVSS | 4.2 AI score | 0.0003 EPSS
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2026/05/10 12:00 a.m. | 6 views

PT-2026-39542

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the update authorized pcc rule and qos function located in the /src/smf/npcf-handler.c file...

5.3 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 1 | References 7
EUVD
added 2026/05/09 9:32 p.m. | 6 views

EUVD-2026-28940

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3 CVSS | 5.2 AI score | 0.00012 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/05/09 8:15 p.m. | 5 views

CVE-2026-8196 JeecgBoot mLogin Endpoint LoginController.java authorization

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3 CVSS | 5.2 AI score | 0.00012 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/05/09 8:15 p.m. | 4 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3 CVSS | 5.2 AI score | 0.00012 EPSS
Exploits 0 | References 4
Circl
added 2026/05/09 11:08 a.m. | 4 views

CVE-2026-43979

creationtimestamp | type | source
---|---|---
2026-05-09 11:08:19+00:00 | published-proof-of-concept | https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q...

5 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/05/09 12:00 a.m. | 10 views

PT-2026-39415

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...

6.3 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 6
Snyk
added 2026/05/08 9:25 a.m. | 6 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation A fix was pushed into the master branch but not yet...

5.3 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/05/08 3:45 a.m. | 4 views

CVE-2026-8136

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...

4.8 CVSS | 4.1 AI score | 0.00032 EPSS
Exploits 0 | References 5 | Affected Software 1
EUVD
added 2026/05/08 3:30 a.m. | 5 views

EUVD-2026-28488

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

7.5 CVSS | 5.6 AI score | 0.00039 EPSS
Exploits 0 | References 6
EUVD
added 2026/05/08 3:30 a.m. | 6 views

EUVD-2026-28478

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has...

5.3 CVSS | 5.4 AI score | 0.00062 EPSS
Exploits 1 | References 6
Circl
added 2026/05/08 3:05 a.m. | 5 views

CVE-2026-45148

creationtimestamp | type | source
---|---|---
2026-05-08 03:05:45+00:00 | published-proof-of-concept | https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fmh9-gpqh-g53g...

4.3 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/08 12:31 a.m. | 3 views

EUVD-2026-28454

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

8.6 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/05/08 12:00 a.m. | 5 views

PT-2026-38657

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description A flaw in the '/index.php?page=users' endpoint allows for remote cross-site scripting (XSS), which occurs when an attacker manipulates the Name argument. Cross-site...

4.8 CVSS | 5.6 AI score | 0.00032 EPSS
Exploits 0 | References 9
Positive Technologies
added 2026/05/08 12:00 a.m. | 8 views

PT-2026-38604

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the NSSF component allows a remote attacker to cause a denial of service through manipulation of the nssf nnrf nsselection handle get from amf or vnssf function located in the...

5.3 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits 1 | References 10
Positive Technologies
added 2026/05/08 12:00 a.m. | 8 views

PT-2026-38642

Name of the Vulnerable Software and Affected Versions SourceCodester Comment System version 1.0 Description An issue exists in the processing of the 'post comment.php' file. Manipulation of the Name argument allows for SQL injection, which can be exploited remotely. Recommendations At the moment,...

7.5 CVSS | 7.1 AI score | 0.00039 EPSS
Exploits 0 | References 11
Circl
added 2026/05/07 11:35 p.m. | 5 views

CVE-2026-45137

creationtimestamp | type | source
---|---|---
2026-05-07 23:35:33+00:00 | published-proof-of-concept | https://github.com/otter-sec/anchor/security/advisories/GHSA-c6rc-8jpp-2fgc
2026-05-27 22:02:09+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmuj3olipx2e
2026-05-27...

8.2 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/05/07 8:58 p.m. | 4 views

CVE-2026-35435

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

8.6 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits 0 | References 2
Microsoft CVE
added 2026/05/07 2:00 p.m. | 6 views

Azure AI Foundry Elevation of Privilege Vulnerability

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

10 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits 0
CNNVD
added 2026/05/07 12:00 a.m. | 5 views

Microsoft Azure AI Foundry M365 published agents access control error vulnerability

Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...

10 CVSS | 5.8 AI score | 0.00072 EPSS
Exploits 0 | References 2