192467 matches found
OESA-2026-1309 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
OESA-2026-1308 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
OESA-2026-1307 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
CVE-2026-2054
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...
CVE-2026-2054
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...
CVE-2026-2055 D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made...
CVE-2026-2055
D-Link DIR-605L/DIR-619L routers (versions 2.06B01 and 2.13B01) contain a weakness in the DHCP Client Information Handler. Manipulation of this component can lead to information disclosure. The attack is remote, and an exploit is publicly available. These products are no longer supported by the m...
CVE-2026-2018 itsourcecode School Management System controller.php sql injection
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2026-2012
The CVE-2026-2012 vulnerability affects itsourcecode Student Management System 1.0. The flaw is a SQL injection caused by manipulation of the ID argument in /ramonsys/facultyloading/index.php, enabling remote exploitation. Public disclosures exist for the exploit. Remediation guidance across sour...
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index PyPI repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...
davids-xss-attack-defense
XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...
CVE-2026-2009
The vulnerability CVE-2026-2009 affects SourceCodester Gas Agency Management System 1.0. It targets the file /gasmark/php_action/createUser.php, where improper access controls allow manipulation that enables unauthorized account creation. Exploitation appears remote and an exploit has been publis...
CVE-2026-1991
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
CVE-2026-1998
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...
EUVD-2026-5585
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
CVE-2026-1991
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the ResolveNodeIdToIp function in the SMF component. An attacker can cause a service disruption by sending specially crafted requests remotely. Remediation Upgrade...
CVE-2026-1975 Free5GC pfcp_reports.go identityTriggerType null pointer dereference
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcpreports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks...
CVE-2026-1892
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...