88717 matches found
itsourcecode Hospital Management System 注入漏洞
itsourcecode Hospital Management System is an open-source hospital management system developed by itsourcecode. Version 1.0 of itsourcecode Hospital Management System has a vulnerability related to parameter handling in the file/adminaccount.php, which may lead to SQL injection attacks. Attackers...
CodeAstro Leave Management System 注入漏洞
The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability, which stems from the handling of the typeofleave parameter in the file/admin/addleave.php. Attackers can launch...
D-Link DGS-1100-08PD 安全漏洞
The D-Link DGS-1100-08PD is an 8-port Gigabit intelligent management switch from D-Link Corporation. Version 1.00.006 of the D-Link DGS-1100-08PD contains a security vulnerability. This vulnerability stems from improper handling of the /etc/boa.conf file within the Web Interface component, which...
Tenda多款产品 缓冲区错误漏洞
Tenda HG10, etc., are products of the Chinese company Tenda. The Tenda HG10 is a fiber-optic router. The Tenda HG9 is a WiFi router. The Tenda HG7 is a dual-band Wi-Fi fiber network terminal device. Several Tenda products have a buffer error vulnerability. This vulnerability stems from improper...
OpenBullet2 安全漏洞
OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 have security vulnerabilities on Windows. These vulnerabilities stem from credential exposure, and it is possible for remote attackers to exploit them ...
Tenda W20E 缓冲区错误漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a buffer overflow vulnerability. This vulnerability stems from the operation of the formSetPortMirror function in the goform/setPortMirror file, specifically regarding the parameter...
UTT HiPER 2610G 缓冲区错误漏洞
UTT HiPER 2610G is a high-end router designed for small and medium-sized enterprise networks by UTT Corporation. Versions of UTT HiPER 2610G 3.0.0-171107 and earlier contain a buffer overflow vulnerability. This vulnerability stems from the strcpy function in the file/goform/formNatStaticMap, whi...
CVE-2026-11469
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...
CVE-2026-11463
A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...
CVE-2026-11465
CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...
CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
EUVD-2026-34991
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...
CVE-2026-11460
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...
CVE-2026-11460
Boost Serialization up to 1.91 has an improper validation flaw in an unknown function. The vulnerability can be exploited remotely; the exploit has been published. No patch is currently available and the disclosure deadline has expired; maintainers were notified in Aug 2025.
CVE-2026-49494
Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...
CVE-2026-49494
CVE-2026-49494 affects Comodo Internet Security's firewall driver Inspect.sys. The IPv6 packet parser contains an integer underflow: it decrements an unsigned 64-bit payload-length value (from the IPv6 header) by the size of each extension header without validating the sum. If a packet declares a...
SUSE CVE-2026-10952
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-10974
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-11152
Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-11187
Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...