CVE-2026-7030

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

CVE-2026-7031 Tenda F456 SafeMacFilter fromSafeMacFilter buffer overflow

A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used...

EUVD-2026-25705

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

CVE-2026-7028

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

CVE-2026-7018

Datavane Datavines (up to build 13607645e14a4982468cfdbcf75c85cde63bae71) exposes a vulnerability in the JWT Token Handler component, specifically in TokenManager.java. Manipulation of the tokenSecret parameter can cause use of a hard-coded cryptographic key. The issue is exploitable remotely wit...

EUVD-2026-25693

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

EUVD-2026-25688

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation...

CVE-2026-42255

Technitium DNS Server shows a vulnerability in versions before 15.0: DNS traffic amplification via cyclic name server delegation. The CVE-2026-42255 entry documents this issue (CVSS v3.1 base score 7.2, HIGH) with network-attack potential and no user interaction. Affected component is the DNS ser...

CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

CVE-2026-7011

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

EUVD-2026-25686

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

coze-studio 注入漏洞

Coze-Studio is an open-source one-stop AI intelligent agent development tool developed by Coze-Dev. Versions of Coze-Studio prior to 0.5.1 had a injection vulnerability. This vulnerability stems from the ExecuteSQL operation in the databaseTool component’s file...

PT-2026-35178

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions prior to 109.4 Description A weakness in the Antispam Plugin component, specifically within the '/admin/plugin antispam' file, allows for remote cross-site scripting XSS. This occurs due to a lack of filtering via the...

Ambient P10 Central Management Software 安全漏洞

Ambient P10 Central Management Software is a management software developed by the American company Ambient, designed for centralized management and monitoring of the operating status of devices and systems. Version 1.4.13 of Ambient P10 Central Management Software contains a security vulnerabilit...

PT-2026-35203

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

yu-picture 注入漏洞

Yu-Picture is an intelligent cloud image library platform developed by Liyupi’s individual developers, designed for team collaboration. Yu-Picture has a vulnerability related to injection attacks. This vulnerability stems from improper handling of the sortField parameter in the PageRequest functi...

PT-2026-35223

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

PT-2026-35240

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

PT-2026-35271

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...