18797 matches found
CVE-2025-58935
creationtimestamp | type | source
---|---|---
2026-01-05 16:05:33+00:00 | published-proof-of-concept | Telegram/VkrzGOR0tqreFUaL079RX9VsFazmmGoYNfIdzA0XeR4BgNU...
CVE-2026-0597
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-0585
creationtimestamp | type | source
---|---|---
2026-01-05 11:01:52+00:00 | published-proof-of-concept | Telegram/42OKHkBApS4mgO59EKytcRZHRi0oZ5Ka-rfpAtjEf0rIk...
RHSA-2026:0001
creationtimestamp | type | source
---|---|---
2026-01-05 05:01:22+00:00 | published-proof-of-concept | Telegram/tnSVeYZoZ7XDXZtoAg8da9hyH6297qKNo6VluCdDLGMBhU...
CVE-2025-15455
A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function deletepage of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been...
Malicious code in published_at (npm)

---
-= Per source details. Do not edit below this line.=-

Source: amazon-inspector e6089f817f79b6c53b35373aac18fd90de2fba2940ba8daa1286c5d82ede4a9c
The package publishedat was found to contain malicious code.

Source: ghsa-malware dcecd48f5e6fb3589ec38336393f753621839d5278f70c28e6349129fd2eb39b
An...
PT-2026-1291
Name of the Vulnerable Software and Affected Versions: Campcodes Supplier Management System version 1.0

Description: A flaw exists in Campcodes Supplier Management System version 1.0, specifically within the file /retailer/edit profile.php. The manipulation of the txtRetailerAddress argument can le...
EUVD-2026-0923
A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection. The attack may be performed from remote...
CVE-2026-21429
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
CVE-2025-15435
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...
CVE-2025-15431
A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The...
CVE-2025-15414
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/gitfetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...
CVE-2025-67442
creationtimestamp | type | source
---|---|---
2026-01-02 18:48:41+00:00 | published-proof-of-concept | Telegram/SIlHdnSWOhxtT164bo5OUY813qzBPWb650GYgkhFr1n0D8
2026-01-02 21:52:17+00:00 | published-proof-of-concept | Telegram/mK8o9C1rhrHkVcM37GZHvLPW6XA5mG-AmvsJea-RQorcPsU...
CVE-2026-0568
A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-15406
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-21429
CVE-2026-21429 affects Emlog (open-source PHP/MySQL CMS); specifically version 2.5.23 where an admin-configured control allows users to be prevented from editing or deleting published articles. Root cause: broken access control enabling post-publish restrictions. Impact as stated: users cannot ed...
CVE-2026-21429 Emlog has Broken Access Control (BAC)
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...