CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from an SQL injection vulnerability that stems from the operation of the function confirmloggedin on the parameter ID in the file /studentdel.php, which could lead to SQL...

Edimax BR-6478AC 命令注入漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. Edimax BR-6478AC version 1.23 suffers from a command injection vulnerability, which originates from the operation of the function formiNICbasic in the file /goform/formiNICbasic in the POST Request Handler component, on the...

Markdown Downloader MCP Server 路径遍历漏洞

Markdown Downloader MCP Server is a web-to-Markdown downloader from the individual developer Darren Bennett. A path traversal vulnerability exists in Markdown Downloader MCP Server, which originates from the operation of the function downloadmarkdown/listdownloadedfiles/createsubdirectory in the...

Edimax BR-6478AC 命令注入漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A command injection vulnerability exists in Edimax BR-6478AC version 1.23, which originates from the operation of the function formAccept on the parameter submit-url in the file /goform/formAccept in the POST Request Handle...

PT-2026-43116

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

PT-2026-42982

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer name/category results in sql injection. The...

Edimax BR-6478AC 安全漏洞

Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. A security vulnerability exists in Edimax BR-6478AC version 1.23, which originates from the operation of the function formL2TPSetup in the file /goform/formL2TPSetup in the POST Request Handler component/goform/formL2TPSetu...

PT-2026-43084

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm logged in of the file student trans.php. Such manipulation of the argument FIRST NAME/Last Name/EMAIL leads to sql injection. It is...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setL2tpServerCfg on the parameter enable in the Web Management...

PT-2026-43050

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly...

Jimeng MCP 路径遍历漏洞

Jimeng MCP is an MCP server for cc individual developers that integrates i.e. Dream AI image and video generation. Jimeng MCP version 1.10.0 has a path traversal vulnerability , the vulnerability stems from the file src/api.ts function getFileContent/uploadCoverFile/generateImage/generateVideo on...

PT-2026-43017

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

Edimax BR-6675nD 命令注入漏洞

Edimax BR-6675nD is a dual-band broadband wireless router from China Xunzhou Edimax. A command injection vulnerability exists in Edimax BR-6675nD version 1.12, which originates from the operation of the function stainfo on the parameter interface in the file /goform/stainfo, which could lead to...

PT-2026-43082

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...

Edimax EW-7438RPn 安全漏洞

The Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Xunzhou Edimax Corporation. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from the operation of the function formLogout in the file /goform/formLogout on the parameter submit-url...

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.20408, which originates from the operation of the function fromPptpUserAdd in the file /goform/PptpUserAdd on the parameter opttype, whi...

SourceCodester Simple POS and Inventory System SQL注入漏洞

SourceCodester Simple POS and Inventory System is SourceCodester open source a simple POS and inventory system . SourceCodester Simple POS and Inventory System version 1.0 suffers from a SQL injection vulnerability that originates from the manipulation of parameter IDs by unknown functions in the...

Alibaba Cloud Linux 3 : 0135: resource-agents (ALINUX3-SA-2026:0135)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0135 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-30922: pyasn1 is a generic ASN.1 library f...