585 matches found
PT-2026-22007
Name of the Vulnerable Software and Affected Versions z-9527 admin versions 1.0 through 2.0 Description A SQL injection issue exists in z-9527 admin. The issue is located in the checkName, register, login, getUser, and getUsers functions within the /server/controller/user.js file. This allows for...
CVE-2026-3052 DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery
A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...
CVE-2025-10970
CVE-2025-10970 applies to Kolay Software Inc. Talentics (through version 20022026). The issue is an SQL Injection in Talentics caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Several sources (NVD/Red Hat/CVE listing) confirm the vulnerability d...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
PT-2026-8310
Name of the Vulnerable Software and Affected Versions Comfast CF-N1 V2 version 2.6.0.2 Description A remote command injection issue exists in Comfast CF-N1 V2 2.6.0.2. The issue is located in the sub 44AC4C function within the /cgi-bin/mbox-config file. Manipulation of the bandwidth argument in t...
CVE-2025-10912
Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables.This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not...
CVE-2025-7347
Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosur...
CVE-2025-10913 XSS in saastech.io's TemizlikYolda
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting XSS. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about thi...
CVE-2025-10463
Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the releva...
CVE-2025-7708
CVE-2025-7708 describes Insertion of Sensitive Information Into Sent Data in Atlas Educational Software Industry Ltd. Co. K12net, affecting the k12net component up to version 09022026. The underlying issue is that sensitive information can be inserted into data that is sent, enabling potential co...
CVE-2026-2066 UTT 进取 520W formIpGroupConfig strcpy buffer overflow
A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection
A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...
PT-2026-6061
Name of the Vulnerable Software and Affected Versions Ziroom ZHOME A0101 version 1.0.1.0 Description A weakness exists in the Dropbear SSH Service component of Ziroom ZHOME A0101. This issue allows for the use of default credentials, potentially enabling remote exploitation. The exploitability is...
CVE-2026-1742
A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commitvpnclifileupload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit i...
CVE-2025-7013 IDOR in QRMenumPro's Menu Panel
Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
PT-2026-5308
A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci session leads to improper authorization. The attack may be performed from remote. The exploit has been...
CVE-2025-2204 XSS in Tapandsign Technologies' Tap&Sign App
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting XSS. This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but...
CVE-2025-4764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosu...
CVE-2025-4764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...