CVE-2026-27595

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read...

CVE-2026-27598

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

PT-2026-21952

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description An issue in the API of Cisco Catalyst SD-WAN Manager, specifically within the Data Collection Agent DCA service, results from improper file handling and the incorrect us...

PT-2026-21996

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 18.9.1 Description A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to disrupt service by sending crafted requests to a CI jobs API endpoint. The issue involves...

PT-2026-21833

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains security issues in the AI Agent API endpoint /apps/:appId/agent. Versions 7.3.0-alpha.42...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

PT-2026-21836

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint POST /apps/:appId lacks proper authorization...

Sz-Admin 安全漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of the parameter messageId in files/api/admin/sys-message/, which could lea...

PT-2026-21893

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicate post function in includes/api.php using $wpdb-insert directly to the wp postmeta table instead of WordPress's...

PT-2026-21974

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Patient REST API endpoint where an authenticated user with API access can execute arbitrary S...

WordPress plugin The Events Calendar 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP po...

PT-2026-22052

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

📄 FUX 1.2.8 Authentication Bypass / Remote Command Execution

This Python exploit targets CVE-2025-69985, an authentication bypass in FUXA web-based SCADA/HMI software that allows access to the protected /api/runscript endpoint even when authentication is enabled. By sending a crafted JavaScript payload using childprocess.execSync, it achieves full remote...

PT-2026-21966

Name of the Vulnerable Software and Affected Versions Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery SSRF issue in its request handling pipeline. The...

PT-2026-36799

Name of the Vulnerable Software and Affected Versions Ollama versions prior to 0.17.1 Description A heap out-of-bounds read issue exists in the GGUF model loader. This occurs during quantization within the WriteTo function in fs/ggml/gguf.go and server/quantization.go when the server processes a...

Sz-Admin 安全漏洞

Sz-Admin is a mid-tier management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter userId in files/api/admin/sys-user/reset/password/, which could...

PT-2026-21957

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient file system access restrictions could allow an unauthenticated remote attacker to view sensitive information on the underlying operating system. Exploitatio...

PT-2026-22057

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.29.2 Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF issue exists in the Link Check API. This allows unauthenticated remote attackers to map internal networks...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...