CVE-2026-7030

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

CVE-2026-7031 Tenda F456 SafeMacFilter fromSafeMacFilter buffer overflow

A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used...

EUVD-2026-25705

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

CVE-2026-7028

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be...

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

EUVD-2026-25693

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

CVE-2026-7018

Datavane Datavines (up to build 13607645e14a4982468cfdbcf75c85cde63bae71) exposes a vulnerability in the JWT Token Handler component, specifically in TokenManager.java. Manipulation of the tokenSecret parameter can cause use of a hard-coded cryptographic key. The issue is exploitable remotely wit...

EUVD-2026-25688

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation...

CVE-2026-42255

Technitium DNS Server shows a vulnerability in versions before 15.0: DNS traffic amplification via cyclic name server delegation. The CVE-2026-42255 entry documents this issue (CVSS v3.1 base score 7.2, HIGH) with network-attack potential and no user interaction. Affected component is the DNS ser...

CVE-2026-7015 MaxSite CMS Guestbook Plugin cross site scripting

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

CVE-2026-7011

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

EUVD-2026-25686

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

PT-2026-35240

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

coze-studio 注入漏洞

Coze-Studio is an open-source one-stop AI intelligent agent development tool developed by Coze-Dev. Versions of Coze-Studio prior to 0.5.1 had a injection vulnerability. This vulnerability stems from the ExecuteSQL operation in the databaseTool component’s file...

Ambient P10 Central Management Software 安全漏洞

Ambient P10 Central Management Software is a management software developed by the American company Ambient, designed for centralized management and monitoring of the operating status of devices and systems. Version 1.4.13 of Ambient P10 Central Management Software contains a security vulnerabilit...

SMSI: System Model Security Inference: Automated Threat Modeling for Cyber-Physical Systems

Threat modeling for cyber-physical systems CPS remains a largely manual exercise. This project presents SMSI System Model Security Inference, a hybrid neuro-symbolic pipeline that starts from a SysML architecture model and produces a prioritized list of NIST 800-53 security controls. The prototyp...

PT-2026-35178

Name of the Vulnerable Software and Affected Versions MaxSite CMS versions prior to 109.4 Description A weakness in the Antispam Plugin component, specifically within the '/admin/plugin antispam' file, allows for remote cross-site scripting XSS. This occurs due to a lack of filtering via the...

PT-2026-35203

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

PT-2026-35223

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

PT-2026-35235

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...