CVE-2026-10211 AstrBotDevs AstrBot fs.py _normalize_rw_path authorization

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2026-10211 AstrBotDevs AstrBot fs.py _normalize_rw_path authorization

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2026-10209 code-projects Online Hospital Management System Appointment appointmentdetail.php sql injection

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

EUVD-2026-33524

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

CVE-2026-10208 code-projects Online Hospital Management System login_1.php login_user sql injection

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

EUVD-2026-33529

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10206 D-Link DI-8400 dbsrv.asp stack-based overflow

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

CVE-2026-10206 D-Link DI-8400 dbsrv.asp stack-based overflow

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

CVE-2026-10205

CVE-2026-10205 affects Metasoft MetaCRM 6.4.0. The vulnerability is in develop/systparam/softlogo/upload.jsp, described as an unrestricted upload via an unknown function, enabling remote exploitation. Public disclosure and exploit availability are indicated; vendor has not responded. The CVSS-bas...

CVE-2026-10205

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

PT-2026-45279

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock manager.php. This manipulation of the argument txt search category causes sql injection. The attack may be initiated remotely. The exploit has...

PT-2026-45498

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

PT-2026-45350

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a security vulnerability. This vulnerability stems from the improper authorization in the normalizerwpath function found in the...

PT-2026-45423

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

PT-2026-45672

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

PT-2026-45394

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create supplier of the file /Export csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...