Lucene search

21 matches found

ATTACKERKB
added 2026/04/20 2:0 a.m. | 1 views

CVE-2026-6595

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument busid leads to sql...

CVSS 7.5 | AI score 6.8 | EPSS 0.0004
Exploits 0 | References 4

Cvelist
added 2026/04/03 2:30 p.m. | 14 views

CVE-2026-5469 Casdoor Webhook URL server-side request forgery

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

CVSS 5.8 | EPSS 0.00044
Exploits 0 | References 3

NVD
added 2026/03/02 2:16 a.m. | 2 views

CVE-2026-3404

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of...

CVSS 8.1 | EPSS 0.00044
Exploits 1 | References 4

Cvelist
added 2026/02/16 6:2 a.m. | 31 views

CVE-2026-2538 Flos Freeware Notepad2 Msimg32.dll uncontrolled search path

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...

CVSS 7.3 | EPSS 0.00006
Exploits 0 | References 4

EUVD
added 2025/11/09 12:30 a.m. | 1 views

EUVD-2025-38377

A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 5.8 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 5

RedhatCVE
added 2025/07/09 7:14 a.m. | 7 views

CVE-2025-7117

A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been...

CVSS 9 | AI score 7.4 | EPSS 0.0159
Exploits 1 | References 1

CVE
added 2025/06/15 11:31 p.m. | 30 views

CVE-2025-6096

The CVE-2025-6096 entry concerns codesiddhant Jasmin Ransomware up to version 1.0.1. The vulnerability affects an unknown function in /dashboard.php where manipulating the Search argument leads to SQL injection. It is exploitable remotely, and publicly disclosed exploits exist. Connected document...

CVSS 8.8 | AI score 6.8 | EPSS 0.00216
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/06/09 12:0 p.m. | 12 views

CVE-2025-5876 Lucky LM-520-SC/LM-520-FSC/LM-520-FSC-SAM missing authentication

A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed t...

CVSS 6.9 | EPSS 0.00175
Exploits 0 | References 4

CVE
added 2025/06/09 11:0 a.m. | 55 views

CVE-2025-5874

CVE-2025-5874 affects Redash, up to versions 10.1.0/25.1.0, via the getattr Handler’s run_query function in /query_runner/python.py, causing a sandbox issue. The exploitability is reported as high complexity with public PoC evidence; exploitation maturity is noted as proof-of-concept. The vendor ...

CVSS 4.6 | AI score 5.1 | EPSS 0.00082
Exploits 0 | References 5

Cvelist
added 2025/06/02 10:0 a.m. | 10 views

CVE-2025-5440 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument...

CVSS 6.5 | EPSS 0.05393
Exploits 1 | References 5

RedhatCVE
added 2025/05/23 2:13 a.m. | 8 views

CVE-2023-7036

A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...

CVSS 5.8 | AI score 6.7 | EPSS 0.00169
Exploits 1 | References 1

NVD
added 2025/04/30 2:15 p.m. | 18 views

CVE-2025-4121

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmdwireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this...

CVSS 9.8 | EPSS 0.01268
Exploits 0 | References 5

NVD
added 2025/04/28 9:15 a.m. | 18 views

CVE-2025-4012

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

CVSS 7.5 | EPSS 0.00173
Exploits 1 | References 4

Vulnrichment
added 2025/04/08 5:0 a.m. | 9 views

CVE-2025-3411 mymagicpower AIAS AsrController.java server-side request forgery

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3apiplatform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-sid...

CVSS 6.5 | AI score 7 | EPSS 0.00105
Exploits 1 | References 4

RedhatCVE
added 2025/04/01 6:28 p.m. | 14 views

CVE-2025-2956

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...

CVSS 7.1 | AI score 6.9 | EPSS 0.00132
Exploits 0 | References 1

NVD
added 2025/03/30 6:15 p.m. | 8 views

CVE-2025-2956

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...

CVSS 7.1 | EPSS 0.00132
Exploits 0 | References 5

NVD
added 2025/03/11 2:15 p.m. | 11 views

CVE-2025-2194

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be...

CVSS 6.1 | EPSS 0.00159
Exploits 1 | References 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-2042 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS 7.8 | AI score 7.4 | EPSS 0.00168
Exploits 1 | References 3

CVE
added 2025/03/03 1:31 a.m. | 54 views

CVE-2025-1844

CVE-2025-1844 affects ESAFENET CDG 5.6.3.154.205_20250114. The flaw is a SQL injection in the file /CDGServer3/logManagement/backupLogDetail.jsp, caused by manipulating the logTaskId parameter. It is remotely exploitable over the network, with public exploit disclosure noted in the sources. The v...

CVSS 9.8 | AI score 6.8 | EPSS 0.00109
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/08/22 9:15 p.m. | 1 views

CVE-2024-8079

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 9.8 | AI score 7.5 | EPSS 0.00296
Exploits 1 | References 5