303 matches found
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...
CVE-2026-5321
CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...
PT-2026-29866
Name of the Vulnerable Software and Affected Versions Newgen OmniDocs versions up to 12.0.00 Description A security flaw exists in Newgen OmniDocs up to version 12.0.00. The issue involves improper control of resource identifiers due to manipulation of the DocumentId argument within the...
EUVD-2026-17771
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...
CVE-2026-4588
A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...
PT-2026-27124
A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-level API key Handler. This manipulation of the argument sk causes use of hard-coded cryptographic k...
CVE-2026-4547
The CVE-2026-4547 entry concerns mickasmt next-saas-stripe-starter v1.0.0. The vulnerable component is the Checkout Handler’s file actions/generate-user-stripe.ts, specifically the function generateUserStripe. The issue arises from manipulation of the priceId argument, causing business logic erro...
CVE-2026-4536
CVE-2026-4536 affects Acrel Environmental Monitoring Cloud Platform 1.1.0. The issue enables an attacker to perform an unrestricted upload through manipulation of some unknown processing, with a remote-initiated attack. Public exploit information exists and the vulnerability has a PROOF-OF-CONCEP...
PT-2026-26959
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...
PT-2026-26967
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...
PT-2026-26888
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2026-3965
CVE-2026-3965 affects whyour qinglong up to 2.20.1, with the vulnerability located in the back/loaders/express.ts API Interface. The issue arises from manipulation of the command argument, causing protection mechanism failure and enabling remote access. Public exploit information exists, and ther...
CVE-2026-3714 OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...
PT-2026-23929
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient id causes improper authorization. It is possible to initiate the attack remotely. The exploit ha...
PT-2026-23942
Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description An improper authorization issue exists in the User Creation Handler component of the software. This can be triggered by manipulating the file add user.php. The attack can ...
EUVD-2026-8997
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file TemplateCacheComponent.java of the component Template Cache Generation. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been...
CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller 访问控制错误漏洞
The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller is an industrial natural gas odorization system developed by the American company Welker. This system has a security vulnerability known as access control errors. The vulnerability stems from insufficient protective measures or...
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller
RISK EVALUATION Successful exploitation of this vulnerability could result in an over- or under-odorization event. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Prototype Pollution
@adonisjs/bodyparser is vulnerable to a Prototype Pollution. The vulnerability is due to improper handling of multipart form-data parsing, which allows a remote attacker to manipulate object prototypes at runtime and potentially alter application behavior...