CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

CVE-2026-4957

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fastjson (UTSA-2026-005331)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005331 advisory. The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is...

EUVD-2018-11714

Malware in sbrugna...

CVE-2025-8800 Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service

A vulnerability has been found in Open5GS up to 2.7.5. Affected by this issue is the function esmhandlepdnconnectivityrequest of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version...

CVE-2024-13130

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to...

CVE-2025-4286 Intelbras InControl Dispositivos Edição Page credentials storage

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to...

CVE-2025-3328

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely...

AVM FRITZ!Box 7530 AX 安全漏洞

AVM FRITZ!Box 7530 AX is a phone system from AVM for modern IP-based connectivity. A security vulnerability exists in AVM FRITZ!Box 7530 AX version v7.59 that stems from improper access control. An attacker could exploit the vulnerability to gain access to sensitive information...

PT-2024-17925 · Unknown · Phpgurukul Land Record System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0 Description: A problem has been found in the code of the file /admin/contactus.php. The manipulation of the Page Description argument leads to cross-site scripting. The attack can be initiated remotel...

CVE-2024-12842

A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...

CVE-2024-2071

A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack...

Add members to the not yet created community

Lines of code Vulnerability details Impact There is a addMember function in the Community. The function accepts data that should be signed by the community.owner and newMemberAddr. // Compute hash from bytes bytes32 hash = keccak256data; // Decode params from data uint256 communityID, address...

CVE-2022-1753 WoWonder Group requests.php access control

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...

DEBIAN-CVE-2020-14776

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/manageTagmins.php?configpath' Remote File Inclusion

source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other...

Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS

The remote service probably ActiveSync could be crashed by sending it a malformed packet advertising a wrong content-length. An attacker may use this flaw to disable this service remotely. It is not clear at this time if this vulnerability can be used to execute arbitrary code on this host,...