CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

PT-2026-1207

Name of the Vulnerable Software and Affected Versions milvus versions up to 2.6.7 Description A security issue has been identified in milvus. The expr.Exec function within the pkg/util/expr/expr.go file, associated with the HTTP Endpoint component, is susceptible to deserialization due to...

EUVD-2025-28846

Malicious code in bioql PyPI...

Arbitrary Code Injection

Overview simstudio is a Sim Studio CLI - Run Sim Studio with a single command Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation A fix was pushe...

CVE-2025-10097

A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...

CVE-2025-9768

A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...

CVE-2025-9401

HuangDou UTCMS 9 is affected in the Login component (file app/modules/ut-frame/admin/login.php). The issue arises from manipulation of the code parameter, causing an incorrect comparison. It is exploitable remotely with high complexity, and exploitation is publicly disclosed. No patch/version fix...

PT-2025-33859 · Itsourcecode · Sports Club Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Sports Management System version 1.0. The issue is located in an unknown function within the /Admin/sports.php file. Manipulation of t...

PT-2025-26273 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the /admin/admin feature.php file. The manipulation of the product code argument leads to SQL injection. It is possibl...

PT-2025-3828 · Kaiyuantong · Kaiyuantong Ect Platform

Name of the Vulnerable Software and Affected Versions: KaiYuanTong ECT Platform versions up to 2.0.0 Description: A critical issue has been found in the HTTP POST Request Handler component of the affected software, specifically in the file /public/server/runCode.php. The manipulation of the code...