EUVD-2026-20715

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20785

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/dashboard/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in...

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

PT-2026-31592

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security issue exists in Totolink A7100RU 7.4cu.2313 b20191024. The setIpv6LanCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to os comma...

Follow My Eyes: Backdoor Attacks on VLM-Based Scanpath Prediction

Scanpath prediction models forecast the sequence and timing of human fixations during visual search, driving foveated rendering and attention-based interaction in mobile systems where their integrity is a first-class security concern. We present the first study of backdoor attacks against VLM-bas...

PT-2026-31588

Name of the Vulnerable Software and Affected Versions Tenda i12 version 1.0.0.113862 Description A path traversal issue exists in the HTTP Handler component of Tenda i12 version 1.0.0.113862. A remote attacker can exploit this by manipulating the system, potentially leading to unauthorized access...

PT-2026-31590

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in the CGI Handler component of Totolink A7100RU 7.4cu.2313 b20191024. The setUPnPCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to os command...

PT-2026-31636

A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The...

Hydrosystem Control System SQL注入漏洞

Hydrosystem Control System is an industrial water treatment and fluid control monitoring system developed by the American company Hydrosystem. Versions of Hydrosystem Control System prior to 9.8.5 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of protective...

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a heap buffer overflow issue in the processing of DTLS 1.3 ACK messages...

PT-2026-31557

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

LXD 安全漏洞

LXD is a Canonical open-source container-based system for managing applications on Linux systems. Versions of LXD from 4.12 to 6.7 have security vulnerabilities. These vulnerabilities stem from the lack of validation of the Type field in the doCertificateUpdate function when handling PUT/PATCH...

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

TaskFlow AI 操作系统命令注入漏洞

TaskFlow AI is an AI thinking flow orchestration and visualization engine developed by Agions’ individual developers. Versions of TaskFlow AI such as 2.1.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from an unknown function in t...

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...

📄 Microsoft Malware Protection Engine Type Confusion

Microsoft Malware Protection Engine type confusion vulnerability proof of concept exploit for an older vulnerability from 2017. ================================================================================================================================== | Title : Microsoft Malware Protection...

Linux Distros Unpatched Vulnerability : CVE-2026-5875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security...

Linux Distros Unpatched Vulnerability : CVE-2026-5896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbo...

Linux Distros Unpatched Vulnerability : CVE-2026-5903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypas...

CVE-2026-5824 code-projects Simple Laundry System userchecklogin.php sql injection

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed public...