EcclesiaCRM 安全漏洞

EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the custom parameter in the...

OpenAEV 安全漏洞

OpenAEV is an open-source personal planning platform under the OpenAEV Platform project. Versions of OpenAEV from 1.0.0 to 2.0.13 contained security vulnerabilities. This vulnerability stemmed from the fact that password reset tokens did not expire and had a length of only 8 bits. This allowed...

PT-2026-33691

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create upload file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

PT-2026-33728

A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...

PT-2026-33720

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete agent/stop schedule/get schedule data of the file superagi/controllers/agent.py. The manipulation of the argument agent id leads to authorization bypass. The attack is possible to be carrie...

PT-2026-33757

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool call of the file apps/experimental/tools webhook/app.py of the component tools webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

PT-2026-33774

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

PT-2026-33781

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

Joern 4.0.524

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-33725

Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description EasyFlow .NET developed by Digiwin contains a SQL Injection flaw. This allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...

ROS-20260420-73-0046

Vulnerability in incus related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0008

A vulnerability in the PKCS12itemdecryptd2iex function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0026

Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

ROS-20260420-73-0040

Vulnerability in beats related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260420-73-0027

Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

ROS-20260420-73-0023

Vulnerability in python-aiohttp related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

HP Color LaserJet Path Traversal (CVE-2006-1654)

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. dot dot in an HTTP GET request to TCP port 5225. This plugin only works with Tenable.ot. Please vis...

F5 Networks BIG-IP : Intel UEFI vulnerability (K000160902)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000160902 advisory. Improper input validation in the UEFI WheaERST module for some IntelR reference platforms may allow an escalation of...

CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

EUVD-2026-23707

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...