1132 matches found
CVE-2026-6164
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...
CVE-2026-6164 code-projects Lost and Found Thing Management addcat.php sql injection
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...
CVE-2026-6163
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2026-6163 code-projects Lost and Found Thing Management catageory.php sql injection
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2026-6163
CVE-2026-6163 : In code-projects Lost and Found Thing Management 1.0, manipulation of the argument cat in /catageory.php enables SQL injection via an unsanitized input parameter. The issue is exploitable remotely and the exploit is publicly available. The CVSS metrics in the connected documents i...
CVE-2026-6163 code-projects Lost and Found Thing Management catageory.php sql injection
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...
PT-2026-32274
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...
PT-2026-32275
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...
Code-Projects Lost and Found Thing Management SQL注入漏洞
Code-Projects Lost and Found Thing Management is an open-source lost and found management tool developed by Code-Projects. Version 1.0 of Code-Projects Lost and Found Thing Management contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “cata”...
Code-Projects Lost and Found Thing Management SQL注入漏洞
Code-Projects Lost and Found Thing Management is an open-source lost and found management tool developed by Code-Projects. Version 1.0 of Code-Projects Lost and Found Thing Management contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the cat parameter in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006723)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006723 advisory. In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA aka ENOATTR has a very specifi...
Rack has Content-Length mismatch in Rack::Files error responses
Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...
GHSA-Q2WW-5357-X388 Rack has Content-Length mismatch in Rack::Files error responses
Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...
UBUNTU-CVE-2026-34831
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...
PT-2026-29918
Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...
CVE-2026-28786
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...
GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...
CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...
MAL-2026-1938 Malicious code in @metaplex-foundations/umi-public-keys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48abfc0f902cd0f09b0c2ae7449eaefbf3b4baf1cb12e4165f509b86f7ad8692 The package @metaplex-foundations/umi-public-keys was found to contain malicious code. Source: ghsa-malware...