40974 matches found
CVE-2026-7701
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-7701
Telegram Desktop
CVE-2026-7699
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-7700
A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...
CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection
A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...
EUVD-2026-26837
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-7699
Dromara MaxKey up to 3.5.13 contains the StrUtils.checkSqlInjection vulnerability in StrUtils.java. The issue arises from manipulating the argument filtersfields, enabling remote SQL injection. The exploit is reported as publicly available and the vulnerability has a PROOF-OF-CONCEPT exploit; CVS...
CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
EUVD-2026-26836
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-7698
Tiandy Easy7 Integrated Management Platform 7.17.0 is affected by an os command injection in the /Easy7/rest/systemInfo/updateDbBackupInfo endpoint. The issue arises from manipulation of the argument week, enabling a remote attacker to execute commands on the affected system. Public exploit code ...
CVE-2026-7698 Tiandy Easy7 Integrated Management Platform updateDbBackupInfo os command injection
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
CVE-2026-7697
A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-7696
Affected product: Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform (version 1.3.0). The vulnerability stems from the file handling function at /SubstationWEBV2/main/uploadH5Files, where manipulation of the File argument enables unrestricted file upload. This is stat...
EUVD-2026-26834
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...
CVE-2026-7696
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...
GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
GHSA-JGGH-5RMH-R6H5 Dolibarr has Insufficient Verification of Data Authenticity
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...
Dolibarr has Insufficient Verification of Data Authenticity
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...
Dolibarr has an Injection issue
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...