GHSA-6H8R-H22R-JJ64 AMF Vulnerable to Improper Resource Shutdown or Release

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

CVE-2026-8782

The CVE affects omec-project amf up to version 2.1.3-dev, specifically in the NGAP Message Handler (ngap/handler.go). The issue is a null pointer dereference caused by manipulation of an unknown function, enabling remote exploitation. Public exploits exist, and upgrading to version 2.2.0 mitigate...

EUVD-2026-26916

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

CVE-2026-7071 CodeAstro Online Job Portal user-cvs file information disclosure

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVE-2026-5972 FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

CVE-2026-5615

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...

CVE-2026-27091

Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through = 3.5.09...

CVE-2026-4194

CVE-2026-4194 affects multiple D-Link DNS devices (e.g., DNS-120, DNS-320 family, DNS-1550-04, others) with the vulnerable element in the CGI: /cgi-bin/system_mgr.cgi, function cgi_set_wto. The issue is improper access controls due to manipulating this function, enabling remote exploitation. Mult...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-2136

A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be use...

CVE-2026-1176

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

Linux Distros Unpatched Vulnerability : CVE-2026-0822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation lead...

CVE-2025-15501

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

CVE-2025-15501

CVE-2025-15501 affects Sangfor Operation and Maintenance Management System up to v3.0.8. The vulnerability is in the function WriterHandle.getCmd (file /isomp-protocol/protocol/getCmd) where manipulating the argument sessionPath enables OS command injection. Remote exploitation is possible and ex...

CVE-2026-0643

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...

CVE-2026-0643

The connected PT-2026-1547 advisory confirms a vulnerability in projectworlds House Rental and Property Listing v1.0, specifically in the Signup component’s /app/register.php?action=reg endpoint. An attacker can manipulate the image parameter to cause unrestricted file upload, enabling remote exp...

CVE-2026-0597

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-0597

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-14836

CVE-2025-14836 concerns ZZCMS 2025. The vulnerability affects the User Data Storage Module, specifically the file path "/reg/user_save.php". The issue enables cleartext storage of data on disk due to an unknown functionality manipulation. Remote exploitation is possible, and an exploit has been p...