
470 matches found

ATTACKERKB
added 2026/03/26 8:3 p.m. | 3 views

CVE-2026-3527

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...

5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/26 3:2 p.m. | 1 view

CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

7.1 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/24 4:16 p.m. | 2 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

5.4 CVSS | 0.00051 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/23 12:0 a.m. | 1 view

Siemens APE1808 Missing Authentication for Critical Function (CVE-2025-22252)

A missing authentication for critical function vulnerability in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configured to use a remote TACACS+ server for authentication, that has itself been configured to use ASCII authentication may allow an attacker with knowledge of an existing admin...

9.8 CVSS | 5.9 AI score | 0.00243 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/03/21 12:0 a.m. | 4 views

Vanna Security Vulnerability

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an injection vulnerability in the exec function located in the src/vanna/legacy directory, which could allow for remote execution...

6.5 CVSS | 6.9 AI score | 0.00061 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/03/20 4:21 p.m. | 22 views

CVE-2026-22898 QVR Pro

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later...

9.3 CVSS | 0.00593 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

AWStats Security Vulnerability

AWStats is a log analysis tool developed by eldy, a personal developer. This software supports the analysis of web site logs on all operating systems such as IIS 5.0 and Apache. It can analyze logs from web, WAP, proxy, streaming servers, FTP, and mail servers. AWStats 8.0 has a security...

7.8 CVSS | 5.7 AI score | 0.0007 EPSS
Exploits: 1 | References: 3

Cvelist
added 2026/03/13 1:11 p.m. | 23 views

CVE-2025-13779 Configuration Data Spill

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3 CVSS | 0.00035 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/13 1:8 p.m. | 3 views

CVE-2025-13778

The CVE-2025-13778 entry concerns ABB AWIN GW100 rev.2 and AWIN GW120 systems, identified by missing authentication for a critical function. Affected revisions include GW100 rev.2: 2.0-0, 2.0-1; GW120: 1.2-0, 1.2-1. The vulnerability’s impact is indicated as HIGH availability risk (CVSS 4.0: AV:A...

7.1 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/12 9:24 p.m. | 0 views

CVE-2026-32304

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...

9.8 CVSS | 6 AI score | 0.00506 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/03/09 8:2 a.m. | 2 views

CVE-2026-3698

A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used...

9 CVSS | 6.1 AI score | 0.00106 EPSS
Exploits: 1 | References: 1

Snyk
added 2026/03/08 5:2 p.m. | 2 views

Arbitrary Code Injection

Amendment: This was deemed not a vulnerability. Overview: es-toolkit is a state-of-the-art, high-performance JavaScript utility library with a small bundle size and strong type annotations. Affected versions of this package are vulnerable to Arbitrary Code Injection. The template function in...

9.8 CVSS | 6 AI score | 0.04314 EPSS
Exploits: 2 | References: 2

ATTACKERKB
added 2026/03/08 2:32 p.m. | 2 views

CVE-2026-3741

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1 CVSS | 4.2 AI score | 0.00036 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/03/08 12:0 a.m. | 2 views

PT-2026-23948

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and m...

5.1 CVSS | 4.3 AI score | 0.00036 EPSS
Exploits: 1 | References: 5

EUVD
added 2026/02/28 12:30 p.m. | 3 views

EUVD-2026-9101

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation. This issue affects TimePictra: from 11.0 through 11.3 SP2...

9.3 CVSS | 5.9 AI score | 0.00067 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 3 views

SIMPLE.ERP SQL Injection Vulnerability

SIMPLE.ERP is an e-commerce platform provided by the SIMPLE company. Versions of SIMPLE.ERP prior to [email protected] contained a SQL injection vulnerability. This vulnerability stemmed from the lack of input validation in the search function, which could lead to SQL injection attacks...

8.6 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-21902

Name of the Vulnerable Software and Affected Versions: ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) versions prior to 2.0.1301. Description: A missing authentication check for a critical function in the Antikor Next Generation Firewall (NGFW) allows an attacker to bypas...

9.8 CVSS | 6 AI score | 0.02626 EPSS
Exploits: 2 | References: 6

RedhatCVE
added 2026/02/17 1:27 p.m. | 2 views

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

6.5 CVSS | 5.5 AI score | 0.01511 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/02/08 6:32 p.m. | 3 views

EUVD-2026-5775

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to...

8.6 CVSS | 5.3 AI score | 0.00653 EPSS
Exploits: 1 | References: 5

EUVD
added 2026/02/07 3:32 a.m. | 3 views

EUVD-2026-5759

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

7.5 CVSS | 5.3 AI score | 0.00037 EPSS
Exploits: 1 | References: 5