CVE-2026-2964 higuma web-audio-recorder-js Dynamic Config Handling WebAudioRecorder.js extend prototype pollution

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-2963

Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.

PT-2026-21507

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-1711 Description A buffer overflow issue exists in the strcpy function within the /goform/setSysAdm file. The manipulation of the passwd1 argument can trigger this issue. This allows for remote exploitation...

Skill-Inject: Measuring Agent Vulnerability to Skill File Attacks

LLM agents are evolving rapidly, powered by code execution, tools, and the recently introduced agent skills feature. Skills allow users to extend LLM applications with specialized third-party code, knowledge, and instructions. Although this can extend agent capabilities to new domains, it creates...

Predicting Known Vulnerabilities from Attack News: A Transformer-Based Approach

Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities, specifically Common Vulnerabilities and Exposures CVEs, from...

PT-2026-21556

Name of the Vulnerable Software and Affected Versions ShuoRen Smart Heating Integrated Management Platform version 1.0.0 Description A flaw exists in ShuoRen Smart Heating Integrated Management Platform version 1.0.0, related to an unknown functionality within the file...

Linux Distros Unpatched Vulnerability : CVE-2025-14905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This...

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

PT-2026-21494

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiat...

PT-2026-21581

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A NULL Pointer Dereference exists that allows remote, unauthenticated attackers...

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

CVE-2026-2867

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

CVE-2026-2953 Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed...

CVE-2026-2939

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-2939

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-2939 itsourcecode Student Management System Add Student add_student cross site scripting

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...