SUSE CVE-2026-7020

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

SUSE CVE-2026-7361

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469

CVE-2026-7469 affects Tenda 4G300 devices (US_4G300V1.0Mt_V1.01.42_CN_TDC01). The vulnerability resides in function sub_425A28 within the file /goform/DelFil, where manipulating the argument delflag leads to a command injection. The attack can be carried out remotely, and the exploit is public. I...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

CVE-2026-7468

The CVE covers 1024-lab smart-admin up to version 3.30.0, affecting an unknown function in /smart-admin-api/druid/index.html of the Demo Site. The issue enables improper access controls via a remote attack, with a publicly disclosed exploit and a PROOF-OF-CONCEPT status in the metrics. Affected p...

CVE-2026-7445

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVE-2026-7447 SourceCodester Pet Grooming Management Software update_customer.php sql injection

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

EUVD-2026-26302

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

CVE-2026-7446

VetCoders mcp-server-semgrep version 1.0.0 is affected by CVE-2026-7446 in the MCP Interface. The vulnerability exists in the file src/index.ts (functions analyze_results, filter_results, export_results, compare_results, scan_directory, create_rule) where manipulation of the argument ID enables a...

PT-2026-36208

Name of the Vulnerable Software and Affected Versions code-projects Plugin version 4.1.2cu.5137 Description A remote buffer overflow exists in the setWiFiMultipleConfig function within the /lib/cste modules/wireless.so library of the /cgi-bin/cstecgi.cgi file. This issue occurs when the wepkey2...

PT-2026-36202

Name of the Vulnerable Software and Affected Versions LinkStackOrg LinkStack versions prior to 4.8.7 Description An authorization bypass exists in the Management Endpoint component. This issue occurs within the saveLink function located in the app/Http/Controllers/UserController.php file, allowin...

PT-2026-36210

Name of the Vulnerable Software and Affected Versions nextlevelbuilder GoClaw versions prior to 3.9.0 nextlevelbuilder GoClaw Lite versions prior to 3.9.0 Description A flaw in the RPC Handler component allows for improper authorization. This issue can be triggered remotely through an unknown...

ROS-20260430-73-0016

Vulnerability in golang related to errors in certificate authentication procedure. The vulnerability can be exploited remotely...

SUSE Manager 4.3.15 - Code Execution

Exploit Title: SUSE Manager 4.3.15 - Code Execution Date: 29.01.2026 Exploit Author: Wiktor Maj Vendor Homepage: https://www.uyuni-project.org/ Software Link: https://github.com/uyuni-project/uyuni Version: Uyuni 2025.05, SUSE Manager 5.0.4, SUSE Manager 4.3.15 Tested on: Debian 12 bookworm, Pyth...