41223 matches found
PT-2026-35417
A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...
SourceCodester Pharmacy Sales and Inventory System 注入漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper...
PT-2026-35420
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released ...
PT-2026-35375
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been...
PT-2026-35283
Name of the Vulnerable Software and Affected Versions CodePanda Source canteen management system version 1.0 Description A SQL injection allows remote attackers to manipulate the Username argument via the '/api/login.php' endpoint. SQL injection is a type of flaw that allows an attacker to...
PT-2026-35348
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been...
PT-2026-35517
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate favicon from url of the file src/auto favicon/server.py of the component MCP Tool. The manipulation of the argument image url results in server-side request...
PT-2026-35537
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may b...
PT-2026-35355
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...
PT-2026-35437
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...
PT-2026-35516
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare kaggle dataset of the file src/kaggle mcp/server.py. The manipulation of the argument competition id leads to path traversal. The attack is possib...
PT-2026-35410
A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit ha...
PT-2026-35366
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been...
PT-2026-35454
A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...
PT-2026-35541
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...
PT-2026-35432
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete category. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit ha...
PT-2026-35542
A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...
PT-2026-35377
Name of the Vulnerable Software and Affected Versions Tenda F456 version 1.0.0.5 Description A flaw in the httpd component allows a remote attack to cause a buffer overflow, which occurs when a program writes more data to a storage area than it can hold. The issue is located in the fromNatlimitof...
PT-2026-35395
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent version 0.8.0 Description A flaw in the Webhooks Endpoint component, specifically within the gateway/platforms/webhook.py file, allows for missing authentication. This occurs through the manipulation of the INSECURE N...
PT-2026-35359
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...