CVE-2026-3135

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

PT-2026-21963

Name of the Vulnerable Software and Affected Versions Chia Blockchain version 2.1.0 Description A cross-site request forgery condition exists in Chia Blockchain version 2.1.0. The issue is related to an unknown function within the /send transaction file. The attack can be performed remotely and...

CVE-2026-3134 itsourcecode News Portal Project edit-category.php sql injection

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has be...

CVE-2026-3015

A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclose...

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

CVE-2026-23858

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection...

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

CVE-2025-15589

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVE-2026-3068

CVE-2026-3068 affects itsourcecode Document Management System 1.0. The vulnerability resides in /deluser.php, where manipulating the user2del parameter allows remote SQL injection. Multiple connected sources confirm the flaw, its remote exploitability, and public availability of the exploit. PT-2...

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVE-2026-3057

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2958

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub457C5C of the file /boafrm/formWsc. Such manipulation of the argument saveapply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...

CVE-2026-3052

DataLinkDC dinky up to 1.2.5 is affected. The vulnerable component is the Flink Proxy Controller (dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java) and its proxyUba function. The issue enables server-side request forgery (SSRF) and is exploitable remotely. The exploit has ...

CVE-2026-3043

A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and...