EUVD-2026-34842

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

CVE-2026-11312 bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

PT-2026-46220

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change profile image.php. Executing a manipulation of the argument pr profile image can lead to unrestricted upload. The attack may be launched remotely...

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

CVE-2026-10703 EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10548

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

EUVD-2026-33856

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

PT-2026-45678

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

PT-2026-45676

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVE-2026-10259

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has be...

EUVD-2026-33568

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

CVE-2026-10216

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

CVE-2026-10223

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...