CVE-2026-6977

CVE-2026-6977 affects vanna-ai vanna up to 2.0.2, arising from an unknown function in the Legacy Flask API that leads to improper authorization. The vulnerability is exploitable remotely and has been disclosed publicly; exploitation status is indicated as a public disclosure with potential use. T...

PT-2026-35149

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

PT-2026-35174

Name of the Vulnerable Software and Affected Versions BIVOCOM TR321 version 21.1.1.50 Description A flaw in the Wireless Setting component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. This occurs through the...

PT-2026-35173

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

PT-2026-35177

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get message ajax.php of the component Private Message Handler. Executing a manipulation of the argument c id can lead to sql injection. It is possible to launch the...

PT-2026-35168

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

PT-2026-35160

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

PT-2026-35161

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...

PT-2026-35175

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...

PT-2026-35153

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

PT-2026-35166

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

PT-2026-35147

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from a remote exploitable memory corruption...

CVE-2026-41353

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...

DNS Rebinding

Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

GHSA-3VR4-CVMG-7FX4 copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVE-2026-6878

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVE-2026-6874

CVE-2026-6874 affects ericc-ch copilot-api up to version 0.7.0, specifically a vulnerability in the Header Handler's /token path where manipulating the Host argument can cause reliance on reverse DNS resolution. The attack is described as remote-accessible, with exploitation publicly disclosed. V...