88735 matches found

NVD
added 2026/02/20 2:16 a.m. | 4 views

CVE-2026-2820

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be...

CVSS 7.5 | EPSS 0.00344
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/20 1:22 a.m. | 5 views

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

CVSS 6.5 | AI score 5.3 | EPSS 0.00272
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 10 views

PT-2026-21022

Name of the Vulnerable Software and Affected Versions EnOcean SmartServer IoT versions prior to 4.60.009 Description A flaw exists that could allow remote attackers to cause a memory leak. This can occur by sending specially crafted IP-852 messages within LON IP-852 management messages...

CVSS 3.7 | AI score 5.3 | EPSS 0.00368
Exploits: 0 | References: 8

Cvelist
added 2026/02/20 12:0 a.m. | 22 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

EPSS 0.00281
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 16 views

PT-2026-21247

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerCacheController.java of the component Cache Sync Handler...

CVSS 5.5 | AI score 5.2 | EPSS 0.0022
Exploits: 1 | References: 7

CVE
added 2026/02/19 8:34 a.m. | 11 views

CVE-2026-26359

Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...

CVSS 8.8 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/02/19 1:27 a.m. | 8 views

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVSS 7.5 | AI score 5.4 | EPSS 0.01693
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-31529

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in ServiceWorkers within Google Chrome before version 147.0.7727.55. A remote attacker could bypass the content security policy by using a specially crafte...

CVSS 9.8 | AI score 5.8 | EPSS 0.00608
Exploits: 0 | References: 75

Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20569

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A flaw exists in itsourcecode Event Management System version 1.0 related to SQL injection. The issue is located in the Admin Login functionality, specifically within the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00466
Exploits: 1 | References: 7

Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20571

Name of the Vulnerable Software and Affected Versions CoCoTeaNet CyreneAdmin versions up to 1.3.0 Description A path traversal issue exists in the Image Handler component of CoCoTeaNet CyreneAdmin. The issue is located in the /api/system/user/getAvatar file, where manipulation of the Avatar...

CVSS 6.5 | AI score 4.7 | EPSS 0.00517
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/19 12:0 a.m. | 6 views

PT-2026-20646

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

CVSS 5.1 | AI score 5.2 | EPSS 0.00258
Exploits: 0 | References: 5

OSV
added 2026/02/18 10:16 p.m. | 6 views

DEBIAN-CVE-2026-2649

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.5 | EPSS 0.00642
Exploits: 0 | References: 1

CVE
added 2026/02/18 10:2 p.m. | 11 views

CVE-2026-2676

CVE-2026-2676 concerns the GoogTech sms-ssm API, specifically the preHandle function in LoginInterceptor.java under the API Interface component. The weakness is described as allowing improper authorization, potentially exploitable remotely. The exploit is reportedly public, with no disclosed vers...

CVSS 6.5 | AI score 5.1 | EPSS 0.00272
Exploits: 0 | References: 7

Cvelist
added 2026/02/18 10:2 p.m. | 27 views

CVE-2026-2676 GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization

A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...

CVSS 6.5 | EPSS 0.00272
Exploits: 0 | References: 7

CVE
added 2026/02/18 9:55 p.m. | 8 views

CVE-2019-25401

Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin) has a denial-of-service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the web service, causing DoS. CVSS metrics are provided: ...

CVSS 8.7 | AI score 5.6 | EPSS 0.00422
Exploits: 0 | References: 4

OSV
added 2026/02/18 8:18 p.m. | 6 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

CVSS 7.2 | AI score 5.5 | EPSS 0.00362
Exploits: 1 | References: 5

Vulnrichment
added 2026/02/18 5:32 a.m. | 5 views

CVE-2026-2641 universal-ctags V Language v.c parseExprList recursion

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVSS 4.8 | AI score 5.1 | EPSS 0.00154
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20547

A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Such manipulation of the argument comid leads to sql injection. The attack can be launched remotely. The...

CVSS 6.5 | AI score 5.5 | EPSS 0.00346
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 9 views

PT-2026-20541

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service...

CVSS 8.7 | AI score 5.6 | EPSS 0.00422
Exploits: 0 | References: 5

OSV
added 2026/02/17 9:22 p.m. | 3 views

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 1