266 matches found
CVE-2026-15186
The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...
CVE-2026-15186 macrozheng mall Portal Endpoint create resource injection
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...
CVE-2026-47214
A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers URIs and file paths. This could allow an attacker to access local files, navigate outside of intended directories path traversal, and...
CVE-2026-13493
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
EUVD-2026-39992
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
CVE-2026-13493
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
CVE-2026-13493
Technical details are not publicly available in the provided documents. Monitor for updates on affected components, remediation status, and any vendor advisories.
PT-2026-53105
Name of the Vulnerable Software and Affected Versions AIDC-AI ComfyUI-Copilot versions prior to 2.0.29 Description A flaw exists in the Workflow Checkpoint Restore Handler component within the file backend/controller/conversation api.py. This issue involves improper control of resource identifier...
CVE-2026-2604
Summary: CVE-2026-2604 affects evolution-data-server. An inconsistent comparison logic in the addressbook backend lets a Flatpak/D-Bus user craft a malicious URI with directory traversal sequences. This URI is stored during contact creation/modification and later rechecked with lower strictness d...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
EUVD-2026-35063
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-7303
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
CVE-2025-22426
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-34024
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection
A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...
CVE-2026-10624
The vulnerability affects SourceCodester Human Resource Management 1.0, in the Employee View Page’s detailview.php. Manipulating the employeeid parameter leads to improper control of resource identifiers (an IDOR-style issue). Exploitation can be performed remotely, and public disclosure of the e...
EUVD-2026-33832
A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...
CVE-2026-10299
A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...
CVE-2026-10168
A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...