1933 matches found
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
EUVD-2026-19388
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045
The CVE-2026-35045 vulnerability affects Tandoor Recipes up to version 2.6.3. The PUT /api/recipe/batch_update/ endpoint lets any authenticated user within a Space modify any recipe (including private ones), bypassing object-level checks on PUT /api/recipe/{id}/. This enables forced exposure of p...
CVE-2026-5671 Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
CVE-2026-5671 Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
CVE-2026-5671
CVE-2026-5671 affects Cyber-III Student-Management-System (up to 1a938fa61e9f735078e9b291d2e6215b4942af3f). The vulnerability is in the Class Schedule Deletion Endpoint, specifically the file /admin/class%20schedule/delete_batch.php, where manipulating the argument batch enables cross-site script...
EUVD-2026-19349
vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...
CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...
EUVD-2026-19217
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...
CVE-2026-5644
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...
CVE-2026-5644
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...
CVE-2026-5644 Cyber-III Student-Management-System batch-notice.php cross site scripting
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...
CVE-2026-5644
CVE-2026-5644 is a remote cross-site scripting flaw in Cyber-III Student-Management-System affecting an unknown function in /admin/Add%20notice/batch-notice.php. The issue arises from manipulating $_SERVER['PHP_SELF'], enabling a user-accessible XSS vulnerability. The description notes no version...
CVE-2026-5644 Cyber-III Student-Management-System batch-notice.php cross site scripting
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...
PT-2026-30684
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private b...
PT-2026-30689
Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System affected versions not specified Description A cross-site scripting issue exists due to manipulation of the batch argument in the Class Schedule Deletion Endpoint, specifically within the file...
Student-Management-System 代码注入漏洞
Student-Management-System is an open-source student information management system developed by Cyber-III. The Student-Management-System has a code injection vulnerability, which stems from incorrect handling of the "batch" parameter in the file admin/class%20schedule/deletebatch.php. This...
Tandoor Recipes 安全漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from a bypass of object-level authorization checks at the PU...