PT-2026-45553

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launc...

PT-2026-45664

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

PT-2026-45396

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

PT-2026-45269

A vulnerability was detected in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login check.php of the component Login. Performing a manipulation of the argument Username results in sql injection...

PT-2026-45248

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

PT-2026-45393

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create generic name of the file /ShowForm/create generic name/main. The manipulation of the argument generic name results in cross site scripting. The attack may be launche...

PT-2026-45663

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...

PT-2026-45447

A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is possible to initiate...

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

PT-2026-45272

A vulnerability was found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission form check.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

PT-2026-45267

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scan memory content of the file tools/memory tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be use...

ASB-A-449392803

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10203 OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

CVE-2026-10203 OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

CVE-2026-10203

The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...

DEBIAN-CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

DEBIAN-CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...