CVE-2026-11507 CodeAstro Leave Management System delete_leave_type.php sql injection

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-11507

CodeAstro Leave Management System 1.0 is affected by a SQL injection in /admin/delete_leave_type.php via manipulation of the leave_type parameter. The vulnerability is remote, with a public exploit, enabling an attacker to influence the database from network view. The exact vulnerable function is...

EUVD-2026-35043

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

Malicious code in bt-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5a0dd195fc668347e830720566418c11620979a0c2344723fbddb1497d8bf9e8 The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

Malicious code in bittensor-burn-monitor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9 The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

Exploit for CVE-2026-1555

██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ █████...

CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

EUVD-2026-35042

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CVE-2026-11506

CVE-2026-11506 affects CodeAstro Leave Management System 1.0. The vulnerability is an SQL injection in the file /admin/search_staff_for_deletion.php caused by manipulation of the Name parameter, enabling remote exploitation. Public exploit disclosure is noted. The connected records indicate this ...

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX CVE-2025-57819 — Unauthenticated SQLi to Root RCE...

CVE-2026-11503

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

CVE-2026-11505

CVE-2026-11505 affects GL.iNet devices (A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000) running 4.8.x, due to a flaw in the glnassys component. The issue involves use of a hard-coded cryptographic key introduced or exposed via a manipulation, enabling a remote attack with high comp...

CVE-2026-11505 GL.iNet XE3000 glnassys hard-coded key

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...