192407 matches found
CVE-2026-2206
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...
EUVD-2026-5823
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...
CVE-2026-2205
A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...
CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...
Rethinking Latency Denial-Of-Service: Attacking the LLM Serving Framework, Not the Model
Large Language Models face an emerging and critical threat known as latency attacks. Because LLM inference is inherently expensive, even modest slowdowns can translate into substantial operating costs and severe availability risks. Recently, a growing body of research has focused on algorithmic...
PT-2026-6944
Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20 Description A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...
RECUR: Resource Exhaustion Attack Via Recursive-Entropy Guided Counterfactual Utilization and Reflection
Large Reasoning Models LRMs employ reasoning to address complex tasks. Such explicit reasoning requires extended context lengths, resulting in substantially higher resource consumption. Prior work has shown that adversarially crafted inputs can trigger redundant reasoning processes, exposing LRMs...
Code-Projects Contact Management System SQL注入漏洞
Code-Projects Contact Management System is an open-source contact management system developed by Code-Projects. Version 1.0 of the Code-Projects Contact Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter selecteditem0 in the...
PT-2026-7020
Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A flaw exists in the fromSetIpMacBind function within the /goform/SetIpMacBind file. Manipulation of the argument list can trigger a stack-based buffer overflow. This issue can be exploited remotely. T...
Code-Projects Online Application System for Admission SQL注入漏洞
Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the Code-Projects Online Application System for Admission contains a SQL injection vulnerability. This vulnerability stems from incorrect operations with the...
Evasion of IoT Malware Detection Via Dummy Code Injection
The Internet of Things IoT has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...
PT-2026-6962
Name of the Vulnerable Software and Affected Versions projectworlds Online Food Ordering System version 1.0 Description A flaw exists in projectworlds Online Food Ordering System version 1.0, specifically within an unknown function of the /view-ticket.php file. Manipulation of the ID argument can...
PT-2026-7019
Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A flaw exists in Tenda RX3 version 16.03.13.11 related to buffer overflow. The issue is located in the set device name function within the /goform/setBlackRule file, part of the MAC Filtering...
PT-2026-6985
Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the fromSetWifiGusetBasic function within the /goform/WifiGuestSet file of the httpd component. The shareSpeed argument can be manipulated to trigger this issue,...
CVE-2026-2115
A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...
CVE-2026-2116
CVE-2026-2116 affects itsourcecode Society Management System 1.0. An SQL injection vulnerability exists in the admin/edit_expenses.php file triggered by manipulating the expenses_id argument, with remote access possible. Multiple sources confirm the flaw and public exploitation has been disclosed...
CVE-2026-2115 itsourcecode Society Management System delete_expenses.php sql injection
A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...
CVE-2025-15564 Mapnik value.cpp operator divide by zero
A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used...
CVE-2026-2106
The CVE-2026-2106 entry relates to yeqifu warehouse, affecting the Notice Management component. The exposed flaw is in NoticeController.java functions addNotice, updateNotice, deleteNotice, and batchDeleteNotice, causing improper authorization and enabling remote exploitation. Publicly disclosed ...
CVE-2026-2105 yeqifu warehouse Department Management DeptController.java deleteDept improper authorization
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...