88734 matches found
CVE-2026-3693
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...
CVE-2026-3695
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...
CVE-2026-3693
Shy2593666979 AgentChat (up to 2.3.0) contains a vulnerability in the User Endpoint: get_user_info/update_user_info in /src/backend/agentchat/api/v1/user.py, where manipulating the argument user_id causes improper control of resource identifiers. The issue can be exploited remotely and an exploit...
PT-2026-23911
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub 405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit h...
PT-2026-23928
Name of the Vulnerable Software and Affected Versions code-projects Simple Flight Ticket Booking System version 1.0 Description A security flaw exists in code-projects Simple Flight Ticket Booking System version 1.0. The issue involves SQL injection, potentially allowing remote attackers to explo...
PT-2026-23908
Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions through 1.7.7-171114 Description A buffer overflow issue exists in the strcpy function within the /goform/NTP file. Remote attackers can exploit this by manipulating the function, potentially leading to a compromise of...
PT-2026-23915
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered t...
PT-2026-23935
Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A security flaw exists in itsourcecode Free Hotel Reservation System version 1.0. The issue involves a SQL injection impacting an unknown function within the file...
PT-2026-23981
A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher id can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-3672
JeecgBoot up to 3.9.1 contains a SQL injection flaw in isExistSqlInjectKeyword, located in /jeecg-boot/sys/api/getDictItems, allowing remote exploitation. The exploit has been disclosed publicly. No remediation details are provided in the supplied documents.
CVE-2026-30856
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
CVE-2026-3668
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...
CVE-2026-3662
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...
pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...
CVE-2026-3540
An inappropriate implementation flaw was found in the WebAudio component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484088917...
CVE-2026-3616
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-3610
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...
PT-2026-23681
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...
orpc 安全漏洞
orpc is an open-source RPC and OpenAPI integration framework developed by middleapi. Versions of oRPC prior to 1.13.6 contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the RPC JSON deserializer of the @orpc/client package. This could allow unauthenticat...