CVE-2026-7109 code-projects Invoice System in Laravel API Endpoint item improper authorization

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVE-2026-7109 code-projects Invoice System in Laravel API Endpoint item improper authorization

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVE-2026-7083

CVE-2026-7083 affects likeadmin-likeshop likeadmin_php up to 1.9.6. The vulnerability is in the function queryResult of server\app\adminapi\lists\tools\DataTableLists.php within the DataTable Admin API. This manipulation leads to a SQL injection vulnerability that can be exploited remotely. The e...

EUVD-2026-25766

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

CVE-2026-7083

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

CVE-2026-7065

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

PT-2026-35283

Name of the Vulnerable Software and Affected Versions CodePanda Source canteen management system version 1.0 Description A SQL injection allows remote attackers to manipulate the Username argument via the '/api/login.php' endpoint. SQL injection is a type of flaw that allows an attacker to...

CodePanda Source canteen_management_system 注入漏洞

CodePanda Source canteenmanagementsystem is an open-source system developed by CodePanda Source for managing cafeteria operations and dining services. Version 1.0 of CodePanda Source canteenmanagementsystem contains a SQL injection vulnerability. This vulnerability stems from the handling of the...

Wooey 安全漏洞

Wooey is a web interface running tool for command-line Python scripts developed by Wooey OpenSource. Versions of Wooey 0.13.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the function addorupdatescript in the API Endpoint component’s file wooey/api/scripts.py, whi...

PT-2026-35349

A vulnerability has been found in likeadmin-likeshop likeadmin php up to 1.9.6. Affected by this issue is the function queryResult of the file serverappadminapiliststoolsDataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be...

PT-2026-35390

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function check auth of the file gateway/platforms/api server.py of the component API SERVER KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely...

PT-2026-35443

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

PT-2026-35512

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base url results in server-side request forgery. Remot...

Selenium Grid 4.11.0 Selenoid Backend Detection and Safe Session Validation Inspector

The provided Python script is a non-exploit reconnaissance and validation tool designed to identify Selenium Grid or Selenoid deployments exposed via HTTP APIs...

EUVD-2026-25877

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL...

BuildingAI 代码问题漏洞

BuildingAI is an enterprise-level open-source intelligence platform for individual developers, enabling the visualization configuration of AI applications. Versions of BuildingAI prior to 26.0.1 have code vulnerabilities; these vulnerabilities stem from the handling of the url parameter in the...