192455 matches found
EUVD-2026-10274
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...
PT-2026-24053
Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-1711 Description A security flaw exists in UTT HiPER 810G up to version 1.7.7-1711. The issue is related to a buffer overflow in the strcpy function located in the /goform/getOneApConfTempEntry file. Remote...
Apache Airflow Log Message Disclosure Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...
SoK: Harmonizing Attack Graphs and Intrusion Detection Systems
Detecting and responding to cyber attacks is increasingly difficult as high-volume, complex network traffic allows threats to remain concealed. While Intrusion Detection Systems IDSs identify anomalous behavior, Attack Graphs AGs serve as the primary threat model for analyzing attacker strategies...
Taipower APP 信任管理问题漏洞
Taipower APP is an application developed by Taipower Company in Taiwan, China, used for handling electricity-related services. The Taipower APP has a vulnerability related to trust management, which stems from improper certificate verification. This vulnerability may lead to man-in-the-middle...
Atop EHG2408 安全漏洞
Atop EHG2408 is a series of Ethernet switches produced by the Chinese company Atop. There is a security vulnerability present in Atop EHG2408; this vulnerability stems from improper input validation in the nr modem, which can lead to system crashes and may allow for remote denial-of-service attac...
SlowBA: An Efficiency Backdoor Attack Towards VLM-Based GUI Agents
Modern vision-language-model VLM based graphical user interface GUI agents are expected not only to execute actions accurately but also to respond to user instructions with low latency. While existing research on GUI-agent security mainly focuses on manipulating action correctness, the security...
PT-2026-24109
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI SECRET KEY leads to insufficiently random values. It is possible to launch the...
PT-2026-24025
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsome number, but this parameter is not properly validated, allowing an attacker to modify it t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...
PT-2026-36813
Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.66 Description A timing attack against mod auth digest allows a remote attacker to bypass Digest authentication. A timing attack is a side-channel attack where the attacker attempts to compromise a system by...
PT-2026-24136
Name of the Vulnerable Software and Affected Versions Pocket ID versions 2.0.0 through 2.4.0 Description A flaw in callback URL validation allowed crafted redirect uri values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a...
CVE-2026-3786
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...
CVE-2026-3771
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...
CVE-2026-3771
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...
EUVD-2026-10268
A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-3767 itsourcecode sanitize or validate this input teacher-attendance.php sql injection
A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacherid can lead to sql injection. The attack may be launched remotely. The exploit has been ma...
CVE-2026-3662
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
Malicious code in aioutil3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...
CVE-2026-3764
A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...