PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

PT-2026-31795

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 Description A buffer overflow exists in the POST Request Handler component due to manipulation of the curTime argument within the formAdvNetwork function of the /goform/formAdvNetwork file. Remote exploitation i...

PT-2026-31723

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU device. The setDmzCfg function within the CGI Handler component, specifically in the /cgi-bin/cstecgi.cgi file, is susceptible to OS comma...

Tenda i3 路径遍历漏洞

The Tenda i3 is a wireless access point device produced by the Chinese company Tenda. The version Tenda i3 1.0.0.62204 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue within the R7WebsSecurityHandler function in the HTTP Handler component, which may...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the mode parameter in the setWiFiAclRules...

PT-2026-31668

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.6468 Description A path traversal issue exists in the httpd component, specifically within the R7WebsSecurityHandlerfunction function. This allows for remote manipulation. The exploit is publicly available...

Code-Projects Patient Record Management System 访问控制错误漏洞

The Code-Projects Patient Record Management System is an open-source medical record management system developed by Code-Projects. Version 1.0 of the Code-Projects Patient Record Management System contains a vulnerability related to access control. This vulnerability stems from an information...

GL.iNet GL-RM 授权问题漏洞

GL.iNet GL-RM is a series of embedded IoT remote management and communication modules developed by GL.iNet Corporation. There are authorization-related vulnerabilities in GL.iNet GL-RM. These vulnerabilities stem from issues with the Factory Reset Handler component, where improper authentication...

Tenda i12 路径遍历漏洞

The Tenda i12 is a ceiling-mounted wireless access point produced by the Chinese company Tenda. The version Tenda i12 1.0.0.113862 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue in the HTTP Handler component, which may lead to path traversal attacks...

Code-Projects Movie Ticketing System 访问控制错误漏洞

The Code-Projects Movie Ticketing System is an open-source movie ticketing system developed by Code-Projects. Version 1.0 of the Code-Projects Movie Ticketing System contains a security vulnerability related to access control. This vulnerability stems from an information leakage issue in the...

JimuReport 代码注入漏洞

JimuReport is a free reporting tool developed by JEECG in China. Versions of JimuReport 2.3.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter dbUrl in the DriverManager.getConnection function within the Data Source Handler...

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China, written in the Java language. Versions of PublicCMS 6.202506.d and earlier contain security vulnerabilities. These vulnerabilities stem from operations on the...

MetaGPT 安全漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by operations on the ActionNode.xmlfill function in the XML Handler component, which could lead to improper instructions in...

PT-2026-31635

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-5811 SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVE-2026-35446

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 24.0.0 to before 27.0.3 and 28.0.1, an incorrect order of operations in the FilesDownloadHandler could result in an attacker escaping t...