PT-2026-49180

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

PT-2026-49176

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...

PT-2026-49175

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

PT-2026-49150

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

PT-2026-49151

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

CVE-2026-50888

The CVE-2026-50888 entry concerns an authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0. The underlying issue allows an authenticated attacker to cause the application to fetch internal resources by supplying a crafted ...

PT-2026-49182

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack nee...

PT-2026-49165

Name of the Vulnerable Software and Affected Versions ShopXO versions prior to 6.7.2 Description An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

PT-2026-49178

Name of the Vulnerable Software and Affected Versions DVDFab Virtual Drive version 2.0.0.5 Description Improper privilege management exists within the Signed Kernel Driver component, specifically affecting a function in the dvdfabio.sys library. This issue allows a local attacker to manipulate th...

Linux Distros Unpatched Vulnerability : CVE-2026-12216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a...

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

CVE-2026-12193

VS Revo RevoUninstaller 2.5.x/2.6.x contains a heap-based overflow in IOCtl_Handler of RevoDetector.sys (IOCTL Handler). The vulnerability enables a local attack and is supported by publicly available exploit material. Upgrading to version 2.7.0 fixes the issue. If you rely on affected builds, ap...

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

CVE-2026-12188

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

CVE-2026-12192

GALAYOU Y4 Web Server 1.0.0 is affected by a buffer overflow in an unspecified Web Server function. The flaw enables local-network exploitation with no authentication required and affects confidentiality, integrity, and availability. Public exploit details are indicated in the CVE context, and th...