21946 matches found
EUVD-2026-19420
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...
CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $SERVER'PHPSELF' causes cross site scripting. It is possible to initiate th...
CVE-2026-34940 KubeAI has an OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods
KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript function in internal/modelcontroller/engineollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash ...
CVE-2026-34402
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
Exploit for CVE-2026-35678
Vulnerability Research Report: All Eduplus ERP Insecure Direct...
CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...
CLEANSTART-2026-LR09759 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
VulnCheck KEV: CVE-2026-3965
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...
Brave CMS 安全漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...
CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...
PT-2026-30576
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a use-after-free issue in the sco recv frame function within the Bluetooth SCO Synchronous Connection-Oriented subsystem. The function reads conn-sk under sco...
MINI-MM75-G8VH-J5R4
Bulletin has no description...
MINI-R64X-MHJM-P9W3
Bulletin has no description...
MINI-Q66W-F7X6-GRQH
Bulletin has no description...
MINI-HQGJ-W9JW-HX2F
Bulletin has no description...
MINI-M899-QJH2-G987
Bulletin has no description...
MINI-47XC-CP6V-542P
Bulletin has no description...
MINI-3J8J-829C-3V77
Bulletin has no description...
MINI-PG4P-8P25-256H
Bulletin has no description...
CVE-2026-4896
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...