PT-2026-32274

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

PT-2026-32335

Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...

CVE-2026-31282

Totara LMS versions up to 19.1.5 are affected by a login-page misissue described as Incorrect Access Control, where the login form can be revealed through manipulated login page code. This can be combined with missing rate-limiting on the login form to enable brute-force attacks. Documents confir...

Amazon Linux 2023 : dovecot, dovecot-devel, dovecot-mysql (ALAS2023-2026-1570)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1570 advisory. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the...

CVE-2026-6136 Tenda F451 L7Im frmL7ImForm stack-based overflow

A security vulnerability has been detected in Tenda F451 1.0.0.7cnsvn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVE-2019-25705 Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries a...

CVE-2019-25693

CVE-2019-25693 – ResourceSpace 8.6 SQL injection : An authenticated attacker can inject malicious SQL via the keywords parameter in collection_edit.php (also noted as collection edit.php in some sources), enabling execution of arbitrary queries and extraction of sensitive data such as schema info...

CVE-2019-25693 ResourceSpace 8.6 SQL Injection via collection_edit.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

CVE-2026-6126

CVE-2026-6126 affects zhayujie chatgpt-on-wechat CowAgent 2.0.4. The weakness resides in an unknown function of the Administrative HTTP Endpoint, leading to missing authentication. It can be triggered remotely, and the exploit has been made public. Multiple sources note that the project was alert...

CVE-2026-6126

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been made...

GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

VulnCheck KEV: CVE-2026-32201

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

PT-2026-32169

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

CowAgent 访问控制错误漏洞

CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Version 2.0.4 of CowAgent contains a vulnerability related to access control. This vulnerability stems from the lack of authentication in the Administrative HTTP Endpoint component, whi...

PT-2026-32154

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

Exploit for Path Traversal in Gogs

GOGS RCE cve-2025-8110 Gogs is a lightweight and self-hosted...