41221 matches found
CVE-2026-5467
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirecturi leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2026-5467 Casdoor OAuth Authorization Request redirect
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirecturi leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2026-5467 Casdoor OAuth Authorization Request redirect
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirecturi leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2026-5326
A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...
CVE-2026-5322
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...
CVE-2026-5319
A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2026-5320
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2026-5318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the...
PT-2026-30189
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...
PT-2026-30029
Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A flaw exists in the OAuth Authorization Request Handler component that allows for open redirect attacks. Manipulation of the redirect uri argument can be exploited remotely. The exploit is publicly availabl...
PT-2026-30049
Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A weakness exists in the Webhook URL Handler component that could allow for server-side request forgery SSRF. This can be triggered remotely by manipulating the system. The vendor was contacted but did not...
Linux Distros Unpatched Vulnerability : CVE-2026-5342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the...
Linux Distros Unpatched Vulnerability : CVE-2026-5316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to...
Linux Distros Unpatched Vulnerability : CVE-2026-5314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbttInitFontinternal in the library stbtruetype.h of the component TTF File...
EUVD-2026-18515
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function getesdatabyhttp of the file backend/apps/db/esengine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...
EUVD-2026-18414
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...
EUVD-2026-18410
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...
CVE-2026-5418
The CVE affects appsmith.org Appsmith Dashboard up to version 1.97, specifically the computeDisallowedHosts function in WebClientUtils.java. The issue enables server-side request forgery (SSRF) and may be exploitable remotely; an exploit is publicly available. Mitigation provided in the sources i...
CVE-2026-5368
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...