18994 matches found

CVE
added 2026/03/09 3:32 a.m. | 9 views

CVE-2026-3800

SourceCodester/janobe Resort Reservation System 1.0 is affected by CVE-2026-3800. The vulnerability lies in the doInsert function of /controller.php?action=add, where manipulation of the image argument enables unrestricted file upload. This could allow remote attackers to upload arbitrary files. ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00048
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2026/03/09 12:0 a.m. | 3 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.13.7 and 1.14.3. Description: A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be exploited to inject configuration into nginx. This can result...

CVSS 9 | AI score 6.2 | EPSS 0.00049
Exploits 1 | References 28
CNNVD
added 2026/03/09 12:0 a.m. | 3 views

SourceCodester Resort Reservation System code issue vulnerability

The SourceCodester Resort Reservation System is an open-source resort reservation system developed by SourceCodester. Version 1.0 of the SourceCodester Resort Reservation System has code-related vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the file...

CVSS 8.8 | AI score 6.7 | EPSS 0.00048
Exploits 1 | References 6
Positive Technologies
added 2026/03/09 12:0 a.m. | 1 views

PT-2026-24009

Name of the Vulnerable Software and Affected Versions: SourceCodester/janobe Resort Reservation System version 1.0. Description: A flaw exists that allows unrestricted file uploads. This is due to improper handling of the image argument within the doInsert function located in the...

CVSS 8.8 | AI score 6.5 | EPSS 0.00048
Exploits 1 | References 10
NVD
added 2026/03/08 11:15 a.m. | 3 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | EPSS 0.00064
Exploits 0 | References 6
OSV
added 2026/03/08 11:15 a.m. | 5 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

CVSS 6.3 | AI score 5.5
Exploits 0 | References 6
CVE
added 2026/03/08 11:2 a.m. | 11 views

CVE-2026-3733

CVE-2026-3733 affects xuxueli xxl-job up to 3.3.2. The vulnerability resides in an unspecified function within JobInfoController.java and enables server-side request forgery. The issue appears exploitable remotely, and public exploit code is available. Documentation describes an access control st...

CVSS 6.5 | AI score 6.3 | EPSS 0.00064
Exploits 0 | References 6
ATTACKERKB
added 2026/03/08 11:2 a.m. | 4 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | AI score 5.5 | EPSS 0.00064
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2026/03/08 11:2 a.m. | 32 views

CVE-2026-3733 xuxueli xxl-job JobInfoController.java server-side request forgery

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

CVSS 6.5 | EPSS 0.00064
Exploits 0 | References 6
EUVD
added 2026/03/08 9:30 a.m. | 3 views

EUVD-2026-10220

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The...

CVSS 7.2 | AI score 5.4 | EPSS 0.00978
Exploits 1 | References 5
CNNVD
added 2026/03/08 12:0 a.m. | 2 views

XXL-JOB code issue vulnerability

XXL-JOB is a distributed task scheduling platform developed by Xuxueli. Versions of xxl-job 3.3.2 and earlier have code vulnerabilities. These vulnerabilities stem from operations on unknown functions in the JobInfoController.java file, which may lead to server-side request forgery attacks...

CVSS 6.5 | AI score 6.7 | EPSS 0.00064
Exploits 0 | References 7
GithubExploit
added 2026/03/07 9:39 a.m. | 131 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20127-Cisco SD-WAN Pre-Authentication Remote Code Exe...

CVSS 10 | AI score 6.3 | EPSS 0.54797
Exploits 9
GithubExploit
added 2026/03/07 9:39 a.m. | 113 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20127-Cisco SD-WAN Pre-Authentication Remote Code Exe...

CVSS 10 | AI score 6.3 | EPSS 0.54797
Exploits 9
EUVD
added 2026/03/07 3:30 a.m. | 3 views

EUVD-2026-10096

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVSS 5.3 | AI score 5.9 | EPSS 0.00071
Exploits 0 | References 5
ATTACKERKB
added 2026/03/07 1:21 a.m. | 3 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVSS 5.3 | AI score 5.9 | EPSS 0.00071
Exploits 0 | References 5
CNNVD
added 2026/03/07 12:0 a.m. | 2 views

WordPress plugin MDJM Event Management security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.3 | AI score 5.8 | EPSS 0.00071
Exploits 0 | References 5
Snyk
added 2026/03/06 10:54 p.m. | 0 views

Unverified Ownership

Overview: miraheze/ts-portal is a Portal for handling and managing the investigation lifecycle for Trust and Safety at the WikiTide Foundation. Affected versions of this package are vulnerable to Unverified Ownership due to the evidence handling in DPAController::store within...

CVSS 8.4 | AI score 5.9 | EPSS 0.00034
Exploits 1 | References 2
CNNVD
added 2026/03/06 12:0 a.m. | 4 views

WindMill path traversal vulnerability

WindMill is a free open-source tool developed by the individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

CVSS 7.5 | AI score 7.5 | EPSS 0.23305
Exploits 0 | References 3
OpenVAS
added 2026/03/05 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-8073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6 | EPSS 0.00132
Exploits 0 | References 2
VulnCheck KEV
added 2026/03/05 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

CVSS 9.8 | AI score 5.8 | EPSS 0.18159
In wild | Exploits 1 | References 3