PT-2026-35834

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 147.0.7727.138 Description A use after free issue in Views allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a memory corruption flaw that occu...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the e-mail parameter in the Login function of the...

CVE-2026-40355

In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...

CVE-2026-40977

When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...

CVE-2026-40972

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...

CVE-2026-40972

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...

EUVD-2026-25936

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...

CVE-2026-40972

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...

CVE-2026-40972

The CVE-2026-40972 involves a Timing Attack on the DevTools remote secret comparison in Spring Boot. An attacker on the same network can measure timing differences when the remote secret is compared, enabling character-by-character deduction of the secret. In extreme cases this could allow upload...

EUVD-2026-25934

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7194

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-7183 aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

CVE-2026-7178 ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVE-2026-7178

ChatGPTNextWeb NextChat (up to version 2.16.1) contains a vulnerability in the Artifacts Endpoint: the storeUrl function in app/api/artifacts/route.ts can be manipulated via the argument ID to trigger server-side request forgery. This flaw is exploitable remotely over the network; exploitation ap...

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

CVE-2026-7156 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVE-2026-7154 Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument ttyserver can lead to os command injection. The attack can be launched...

CVE-2026-6996

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

CVE-2026-7002

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...