
21246 matches found

Vulnrichment
added 2026/05/06 7:30 p.m., 3 views

CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

CVSS 6.9, AI score 5.2, EPSS 0.00039
Exploits 0, References 4

CVE
added 2026/05/06 7:30 p.m., 3 views

CVE-2026-8033

PicoTronica e-Clinic Healthcare System ECHS version 5.7 contains a vulnerability in the Response Header Handler component, specifically affecting the file /cdemos/echs/api/v2/. The issue allows information disclosure due to manipulation of the response headers. Exploitation is described as possib...

CVSS 6.9, AI score 5.5, EPSS 0.00039
Exploits 0, References 4

ATTACKERKB
added 2026/05/06 7:30 p.m., 3 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

CVSS 6.9, AI score 5.5, EPSS 0.00039
Exploits 0, References 4, Affected Software 1

NVD
added 2026/05/06 7:16 p.m., 1 view

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9, EPSS 0.00035
Exploits 0, References 3

NVD
added 2026/05/06 7:16 p.m., 5 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

CVSS 8.8, EPSS 0.00423
Exploits 0, References 4

NVD
added 2026/05/06 7:16 p.m., 2 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

CVSS 8.8, EPSS 0.0009
Exploits 0, References 4

EUVD
added 2026/05/06 6:42 p.m., 2 views

EUVD-2026-27893

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

CVSS 8.8, AI score 6.5, EPSS 0.0009
Exploits 0, References 4

Cvelist
added 2026/05/06 6:42 p.m., 23 views

CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

CVSS 8.8, EPSS 0.0009
Exploits 0, References 4

ATTACKERKB
added 2026/05/06 6:42 p.m., 5 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

CVSS 8.8, AI score 6.6, EPSS 0.0009
Exploits 0, References 5

Vulnrichment
added 2026/05/06 6:42 p.m., 5 views

CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

CVSS 8.8, AI score 6.6, EPSS 0.0009
Exploits 0, References 4

ATTACKERKB
added 2026/05/06 6:36 p.m., 5 views

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9, AI score 5.8, EPSS 0.00035
Exploits 0, References 4

CVE
added 2026/05/06 6:36 p.m., 3 views

CVE-2026-41931

CVE-2026-41931 affects Vvveb

CVSS 6.9, AI score 5.8, EPSS 0.00035
Exploits 0, References 3

Cvelist
added 2026/05/06 6:36 p.m., 27 views

CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9, EPSS 0.00035
Exploits 0, References 3

EUVD
added 2026/05/06 6:36 p.m., 2 views

EUVD-2026-27887

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9, AI score 5.8, EPSS 0.00035
Exploits 0, References 3

ATTACKERKB
added 2026/05/06 6:34 p.m., 4 views

CVE-2026-41934

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

CVSS 8.8, AI score 6.7, EPSS 0.00423
Exploits 0, References 5

GitHub Security Blog
added 2026/05/06 5:54 p.m., 4 views

PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary: pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

CVSS 5.3, AI score 5.8, EPSS 0.00067
Exploits 1, References 3, Affected Software 1

OSV
added 2026/05/06 5:54 p.m., 1 view

GHSA-C3GC-9PF2-84GG PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary: pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

CVSS 5.3, AI score 5.8, EPSS 0.00067
Exploits 1, References 3

EUVD
added 2026/05/06 3:32 p.m., 9 views

EUVD-2026-27830

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVSS 5.3, AI score 5.6, EPSS 0.00033
Exploits 1, References 5

NVD
added 2026/05/06 3:16 p.m., 2 views

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVSS 5.3, EPSS 0.00033
Exploits 1, References 4

ATTACKERKB
added 2026/05/06 1:45 p.m., 3 views

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVSS 5.3, AI score 5.6, EPSS 0.00033
Exploits 1, References 5, Affected Software 1