PT-2026-49135

Name of the Vulnerable Software and Affected Versions LiamBindle MQTT-C versions prior to 1.1.7 Description A heap-based out-of-bounds read and integer underflow exist in the mqtt unpack publish response function within src/mqtt.c. A remote unauthenticated attacker who controls an MQTT broker or...

SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2026:2301-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2301-1 advisory. This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP...

FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...

SUSE SLES12 Security Update : mutt (SUSE-SU-2026:2300-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2300-1 advisory. This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. -...

CVE-2026-12175

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

CVE-2026-12176 SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

CVE-2026-12176

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown function of the file /index.php when the action parameter is manipulated. The attack is remote and has been publicly disclosed . Exploit maturity is label...

CVE-2026-12176 SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

CVE-2026-12175

CodeAstro Student Attendance Management System 1.0 is affected. The vulnerability resides in /attendance-php/Admin/createStudents.php where manipulating the admissionNumber parameter enables an SQL injection. It supports remote exploitation and the exploit is public. No remediation or patch detai...

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

OffSploit

OffSploit: Autonomous Exploit Adaptation & C2 Framework !Py...

Malicious code in patientdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56c5ab4dc6470deaebe29f4851edb91bc5d5704e9f9578a91e238490708c007b package.json declares a preinstall lifecycle script that runs wget --quiet...

MAL-2026-5752 Malicious code in patientdocuments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56c5ab4dc6470deaebe29f4851edb91bc5d5704e9f9578a91e238490708c007b package.json declares a preinstall lifecycle script that runs wget --quiet...

CVE-2026-12174

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

MAL-2026-5748 Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

EUVD-2026-36654

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...