4 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 3 views

PT-2026-22362

Name of the Vulnerable Software and Affected Versions: Homey BNB version 4. Description: Homey BNB V4 contains an SQL injection flaw in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL syntax into the username and password fields. Attackers can...

CVSS 8.8 | AI score 5.8 | EPSS 0.00421
Exploits: 1 | References: 7
OSV
added 2025/12/10 11:18 p.m. | 1 views

CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials function, which is available to AI agents. Only password and command...

CVSS 9.6 | AI score 7.4 | EPSS 0.00114
Exploits: 1 | References: 5
Cvelist
added 2025/09/30 12:0 a.m. | 6 views

CVE-2025-57254

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL...

EPSS 0.00059
Exploits: 0 | References: 2
Vulnrichment
added 2024/11/28 9:20 a.m. | 8 views

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE Manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before...

CVSS 4.6 | AI score 7.5 | EPSS 0.00052
Exploits: 0 | References: 1