CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-9552

CVE-2026-9552 affects Das Parking Management System 6.2.0, specifically the Search API Endpoint. The vulnerability is a SQL injection triggered by manipulating the Value parameter, allowing remote exploitation. Public exploits exist. The vendor was contacted but did not respond. No remediation de...

EUVD-2026-30692

A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqxpersistentsessionds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is...

EMQX 竞争条件问题漏洞

EMQX is an MQTT message server provided by the EMQX company. Versions of EMQX 6.2.0 and earlier contained a race condition vulnerability. This vulnerability stemmed from unknown functions in the QoS 2 PUBLISH Packet Handler component, specifically the emqxpersistentsessionds.erl file. Attackers...

EUVD-2026-29897

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

EUVD-2026-29472

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

CVE-2026-35071

The CVE-2026-35071 entry concerns Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, with an OS Command Injection flaw caused by improper neutralization of special elements in an OS command. A high-privilege attacker with local access could potentially exploit this to achieve command execut...

Fortinet FortiTokenAndroid 安全漏洞

Fortinet FortiTokenAndroid is a mobile security authentication application developed by Fortinet, Inc. It provides two-factor authentication and dynamic password generation features. There are security vulnerabilities in all versions of Fortinet FortiTokenAndroid, including 6.2, 6.1, and 5.2. The...

Assimp 资源管理错误漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ConvertMeshMultiMaterial method in FBXConverter.cpp, and it could all...

CVE-2025-70072

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial components...

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.2.0 contained security vulnerabilities. These vulnerabilities occurred when the allowedAud verification option used regular expressions, and if the aud declaration controlled by the attacker trigger...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.2) +5 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.2)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.2 Source cves: CVE-2026-34197 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16032379...

CVE-2026-0686

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2026-32925

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVE-2026-34405

Summary: CVE-2026-34405 affects Nuxt OG Image. The vulnerable component (image-generation) is served at the URI /_og/d/ (and historically /og-image/) and can inject arbitrary HTML body attributes due to a flaw in Nuxt OG Image before version 6.2.5. Affected versions: prior to 6.2.5. Impact: poten...

CVE-2026-33504 Ory Hydra has a SQL injection via forged pagination tokens

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

CVE-2025-43534

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock...