CVE-2026-12212

The CVE concerns hcengineering Huly Platform (up to v0.7.0). It affects the RPC Interface component, specifically the getMailboxSecret function in server/account/src/operations.ts. The issue is an improper access control vulnerability that could be triggered remotely. Public disclosure of the exp...

EUVD-2026-36685

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

CVE-2026-12211

Intelbras iNVU 7016 FT (3.004.00IB000.0.T, build 2025-09-26) Web Interface contains a path traversal vulnerability in the /RPC2_Loadfile/syslog/ function. The flaw can be exploited remotely to manipulate files; exploit code has been published. A fixed version has been released by the vendor and u...

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

CVE-2026-12210

CVE-2026-12210 affects the universal-tool-calling-protocol project, specifically the python-utcp 1.1.0 release, with a vulnerability in the utcp-gql/utcp-websocket component that enables server-side request forgery. The description notes a remote, public exploit and a lack of vendor response. The...

CVE-2026-12210 universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

CVE-2026-12206

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-12209

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2026-12208

CVE-2026-12208 affects the jsonata-js package (up to 2.2.0) in the Function Binding Frame System. The vulnerability is in the function createFrame (src/jsonata.js) where an attacker can perform a prototype pollution attack by manipulating object prototype attributes. This can be triggered remotel...

EUVD-2026-36680

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-12200

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204

Summary : CVE-2026-12204 affects ShopXO up to version 6.7.1. The vulnerability resides in the Scheduled Task Endpoint, notably the file app/api/controller/Crontab.php, affecting functions OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral. The issue allows remote manipulation that ...

EUVD-2026-36678

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-12202

Intelliants Subrion CMS (up to 4.0.3) is affected via the Blocks Endpoint, where manipulating the CSS class name can trigger cross-site scripting. The issue is exploitable remotely and a public exploit exists. Vendor did not respond to disclosure. Based on linked CVSS data, the impact is limited ...