41707 matches found
CVE-2026-15544
A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...
CVE-2026-15541
A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...
CVE-2026-15539
SourceCodester Online Book Store System 1.0 is affected by a vulnerability in the Book Image Upload Feature (admin/index.php?page=books) that allows unrestricted file upload. The issue enables remote attacker manipulation leading to unrestricted upload, as disclosed publicly. No remediation detai...
CVE-2026-15535
The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...
CVE-2026-15532
SourceCodester Online Book Store System 1.0 is affected by a cross site scripting (XSS) vulnerability in the User Management Module. The issue arises from manipulation of the Name/Username argument, enabling an attacker to inject script. The vulnerability is remote-exploitable and has a publicly ...
CVE-2026-15532
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...
CVE-2026-15530
WuzhiCMS
EUVD-2026-43276
A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...
CVE-2026-15529
The vulnerability affects yzhao062 pyod versions 3.5.0, 3.5.1, and 3.5.2, specifically the function pyod.utils.persistence.load in pyod/utils/persistence.py. A path argument manipulation leads to deserialization, and the issue can be triggered remotely. The connected documents mention a pull requ...
CVE-2026-15523
CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...
EUVD-2026-43265
A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...
CVE-2026-15518
AREA 17 Twill CMS
EUVD-2026-43252
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function systemwluploadpicfile of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to...
EUVD-2026-43253
A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...
EUVD-2026-43249
A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...
CVE-2026-15516
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-15516 for affected versions, impact, and remediation.
EUVD-2026-43258
A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...
CVE-2026-15512
CVE-2026-15512 affects pig-mesh Pig up to 3.9.2. The issue lies in pig-codegen, specifically GeneratorServiceImpl.java, where certain manipulation leads to code injection. The vulnerability appears exploitable remotely, with a publicly available exploit. The vendor was contacted early but did not...
CVE-2026-15510
Leantime up to 3.8.0 is affected by an improper authorization issue in API:Setting::saveSetting. The root cause is improper access control in the SaveSetting function, enabling a remote attack. Public exploit exists and could be used. The vulnerability impacts the API component and is rated with ...
CVE-2026-15509
Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...