
192264 matches found

NVD
added 2026/03/23 10:16 a.m., 2 views

CVE-2026-4582

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...

CVSS: 5, EPSS: 0.00325
Exploits: 0, References: 4
CVE
added 2026/03/23 10:9 a.m., 24 views

CVE-2026-28809

CVE-2026-28809 is an XXE vulnerability in esaml and forks where attacker-controlled SAML messages are parsed with xmerl_scan:string/2 before signature verification, allowing local file reads (e.g., Kubernetes secrets) and potential SSRF via crafted messages. The issue stems from XML entity expans...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00281
Exploits: 0, References: 3, Affected Software: 4
GithubExploit
added 2026/03/23 10:7 a.m., 191 views

websec-audit

🔐 websec-audit Professional Web Security Audit Framework...

AI score: 5.9
Exploits: 0
Vulnrichment
added 2026/03/23 8:48 a.m., 1 view

CVE-2026-4580 code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00329
Exploits: 1, References: 5
CVE
added 2026/03/23 8:48 a.m., 9 views

CVE-2026-4580

The CVE-2026-4580 entry concerns code-projects Simple Laundry System 1.0, where the /checkupdatestatus.php endpoint in the Parameters Handler is vulnerable. The issue arises from manipulating the serviceId parameter, enabling SQL injection. The vulnerability is described as exploitable remotely, ...

CVSS: 9.8, AI score: 5.7, EPSS: 0.00329
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2026/03/23 7:1 a.m., 4 views

CVE-2026-32595

A flaw was found in Traefik. An unauthenticated attacker can exploit a timing attack vulnerability in the BasicAuth middleware. By observing the time it takes for the middleware to respond, an attacker can determine if a submitted username is valid or not. This information disclosure allows for...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00385
Exploits: 0, References: 7
Vulnrichment
added 2026/03/23 5:36 a.m., 4 views

CVE-2026-4575 code-projects Exam Form Submission update_s2.php cross site scripting

A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS: 4.8, AI score: 4.2, EPSS: 0.00206
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/23 5:1 a.m., 7 views

CVE-2026-4573

A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00196
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/03/23 5:0 a.m., 9 views

CVE-2026-4603

CVE-2026-4603 affects jsrsasign versions before 11.1.1. The vulnerability stems from the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js, which can cause division by zero and collapse RSA public-key operations (e.g., verify/encrypt) to d...

CVSS: 5.9, AI score: 5.8, EPSS: 0.001
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2026/03/23 1:30 a.m., 3 views

CVE-2026-4566

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be...

CVSS: 9, AI score: 6.5, EPSS: 0.00687
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2026/03/23 1:30 a.m., 4 views

EUVD-2026-14347

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be...

CVSS: 9, AI score: 6.5, EPSS: 0.00687
Exploits: 1, References: 5
NVD
added 2026/03/23 12:16 a.m., 4 views

CVE-2026-4562

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed remotely. The exploit has been...

CVSS: 7.5, EPSS: 0.00517
Exploits: 0, References: 4
Positive Technologies
added 2026/03/23 12:0 a.m., 6 views

PT-2026-27106

Name of the Vulnerable Software and Affected Versions: Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N. Description: The Bluetooth Handler component in Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N contains a flaw that allows authentication bypass via capture-replay attacks originating...

CVSS: 5, AI score: 6, EPSS: 0.00288
Exploits: 0, References: 8
Positive Technologies
added 2026/03/23 12:0 a.m., 6 views

PT-2026-27131

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causin...

CVSS: 6.9, AI score: 6, EPSS: 0.00174
Exploits: 1, References: 5
Positive Technologies
added 2026/03/23 12:0 a.m., 9 views

PT-2026-27185

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The objects/pluginRunDatabaseScript.json.php API endpoint accepts a name parameter via POST and passes it to the Plugin::getDatabaseFileName function...

CVSS: 7.2, AI score: 6, EPSS: 0.00493
Exploits: 1, References: 7
CNNVD
added 2026/03/23 12:0 a.m., 8 views

maccms access control error vulnerability

MacCMS is a comprehensive and powerful website building system developed under the PHP+MySQL environment by MagicBlack. Version MacCMS 2025.1000.4052 contains a security vulnerability related to access control. This vulnerability stems from the lack of authentication for the Timming API Endpoint...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00517
Exploits: 0, References: 4
CNNVD
added 2026/03/23 12:0 a.m., 5 views

Cuantis SQL injection vulnerability

Cuantis is a platform for data analysis and visualization developed by the Colombian company Cuantis. Cuantis has a SQL injection vulnerability, which stems from improper handling of the search parameter in the /search.php endpoint. This vulnerability may lead to SQL injection attacks...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00307
Exploits: 0, References: 1
Positive Technologies
added 2026/03/23 12:0 a.m., 4 views

PT-2026-27208

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00192
Exploits: 0, References: 5
Tenable Nessus
added 2026/03/23 12:0 a.m., 8 views

Siemens APE1808 Improper Neutralization of Input During Web Page Generation (CVE-2025-0133)

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

CVSS: 6.9, AI score: 6, EPSS: 0.43517
Exploits: 7, References: 3
Positive Technologies
added 2026/03/23 12:0 a.m., 7 views

PT-2026-27104

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...

CVSS: 5, AI score: 5.1, EPSS: 0.00325
Exploits: 0, References: 5