CVE-2026-3793

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...

EUVD-2026-10276

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

EUVD-2026-10274

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

Atop EHG2408 安全漏洞

Atop EHG2408 is a series of Ethernet switches produced by the Chinese company Atop. There is a security vulnerability present in Atop EHG2408; this vulnerability stems from improper input validation in the nr modem, which can lead to system crashes and may allow for remote denial-of-service attac...

PT-2026-36813

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.66 Description A timing attack against mod auth digest allows a remote attacker to bypass Digest authentication. A timing attack is a side-channel attack where the attacker attempts to compromise a system by...

Apache Airflow Log Message Disclosure Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...

SoK: Harmonizing Attack Graphs and Intrusion Detection Systems

Detecting and responding to cyber attacks is increasingly difficult as high-volume, complex network traffic allows threats to remain concealed. While Intrusion Detection Systems IDSs identify anomalous behavior, Attack Graphs AGs serve as the primary threat model for analyzing attacker strategies...

Taipower APP 信任管理问题漏洞

Taipower APP is an application developed by Taipower Company in Taiwan, China, used for handling electricity-related services. The Taipower APP has a vulnerability related to trust management, which stems from improper certificate verification. This vulnerability may lead to man-in-the-middle...

PT-2026-24053

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-1711 Description A security flaw exists in UTT HiPER 810G up to version 1.7.7-1711. The issue is related to a buffer overflow in the strcpy function located in the /goform/getOneApConfTempEntry file. Remote...

SlowBA: An Efficiency Backdoor Attack Towards VLM-Based GUI Agents

Modern vision-language-model VLM based graphical user interface GUI agents are expected not only to execute actions accurately but also to respond to user instructions with low latency. While existing research on GUI-agent security mainly focuses on manipulating action correctness, the security...

PT-2026-24109

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI SECRET KEY leads to insufficiently random values. It is possible to launch the...

PT-2026-24025

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsome number, but this parameter is not properly validated, allowing an attacker to modify it t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

PT-2026-24136

Name of the Vulnerable Software and Affected Versions Pocket ID versions 2.0.0 through 2.4.0 Description A flaw in callback URL validation allowed crafted redirect uri values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a...

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

EUVD-2026-10268

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-3767 itsourcecode sanitize or validate this input teacher-attendance.php sql injection

A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacherid can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...