PT-2026-2038

Name of the Vulnerable Software and Affected Versions Flycatcher Toys smART Sketcher versions up to 2.0 Description A flaw exists in the Bluetooth Low Energy Interface component of the software. This issue results in missing authentication. Exploitation is possible within a local network. The...

WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Creator LMS versions = 1.1.12...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the Parser::parsebinary function. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation A fix was pushed into the master branch but not yet...

CVE-2025-15493 RainyGao DocSys ReposAuthMapper.xml sql injection

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2021-27509

In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code...

CVE-2026-0697

A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/editadmin.php. This manipulation of the argument adminid causes sql injection. The attack may be initiated remotely. The exploit has been published...

CVE-2025-14522

creationtimestamp| type| source ---|---|--- 2026-01-09 02:01:06+00:00| published-proof-of-concept| Telegram/9r3a4T582Uj-d8cAzOCMsayyXRdqw-Vs2IIS-Y7LNVntDY...

CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

GHSA-XJ93-QW9P-JXQ4

creationtimestamp| type| source ---|---|--- 2026-01-08 15:04:15+00:00| published-proof-of-concept| Telegram/yKq4JZi7DqLkj1C3AmJNJ8CdN45JKlyrqrV14cu0DbuA70...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via CURLSSHAUTHAGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

CVE-2026-0643

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...

PT-2026-1971

Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A flaw exists in code-projects Intern Membership Management System version 1.0. The issue involves a SQL injection vulnerability within an unknown function of the...

CVE-2016-16113

creationtimestamp| type| source ---|---|--- 2026-01-07 23:00:13+00:00| published-proof-of-concept| Telegram/h5P8bfRy51cnS-yezftJbVpEO2Om2ofhpc-g7kq6JaOtWVE 2026-01-08 03:00:07+00:00| published-proof-of-concept| Telegram/Z6KDFyAddhRWTTdj8KLR9BqWCW4LVkYFOJnFavxpUnMZmU...

GHSA-R8W6-9XWG-6H73

creationtimestamp| type| source ---|---|--- 2026-01-07 20:04:13+00:00| published-proof-of-concept| Telegram/shQsG5TFmMrzus3uWOqA-vjUO4oHdrJHZ6Xu7ifps-tm5s...

CVE-2025-20802

creationtimestamp| type| source ---|---|--- 2026-01-07 16:04:37+00:00| published-proof-of-concept| Telegram/C5Pt7uloxKJDrqitQkO17NAOQQ9eE92f4ibyk5mNwogme0...

CVE-2025-15472

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be...

CVE-2025-15461

A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...

GHSA-FXM2-CMWJ-QVX4

creationtimestamp| type| source ---|---|--- 2026-01-05 20:06:24+00:00| published-proof-of-concept| Telegram/JAgd3MmiB-mKId6ZqmxCsd9P9WDn1iDljyZ5VMvZMUD8...

CVE-2025-43320

creationtimestamp| type| source ---|---|--- 2026-01-05 19:06:38+00:00| published-proof-of-concept| Telegram/fMtvesIEGvLKzgXVr04EQ2rBgwnPRUk0FUIDqd1543CWh4...

CVE-2025-14817

creationtimestamp| type| source ---|---|--- 2026-01-05 16:05:33+00:00| published-proof-of-concept| Telegram/VkrzGOR0tqreFUaL079RX9VsFazmmGoYNfIdzA0XeR4BgNU...