21825 matches found

Vulnrichment
added 2026/04/05 2:0 a.m. | Views: 1

CVE-2026-5535 FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00121
Exploits: 1 | References: 4

Cvelist
added 2026/04/05 2:0 a.m. | Views: 26

CVE-2026-5535 FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVSS: 5.3 | EPSS: 0.00121
Exploits: 1 | References: 4

CVE
added 2026/04/05 2:0 a.m. | Views: 6

CVE-2026-5535

FedML-AI FedML up to 0.8.9 has a path traversal flaw in the MQTT Message Handler’s FileUtils.java triggered by manipulating the dataSet argument. The issue is remotely exploitable and an exploit has been publicly released. Affected component: MQTT Message Handler (FileUtils.java) within FedML-Fed...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00121
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/04/05 2:0 a.m. | Views: 2

CVE-2026-5535

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00121
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/04/05 1:45 a.m. | Views: 9

CVE-2026-5534

CVE-2026-5534 affects the itsourcecode Online Enrollment System 1.0. The vulnerability is in an unknown function of the component Parameter Handler, specifically the file /sms/user/index.php?view=edit&id=10, where manipulation of the USERID parameter leads to SQL injection. It can be exploited re...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00043
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/05 1:30 a.m. | Views: 3

CVE-2026-5533

A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible...

CVSS: 5.3 | AI score: 4.6 | EPSS: 0.00036
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/05 1:30 a.m. | Views: 1

CVE-2026-5533 badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting

A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible...

CVSS: 5.3 | AI score: 4.6 | EPSS: 0.00036
Exploits: 0 | References: 4

Cvelist
added 2026/04/05 1:30 a.m. | Views: 26

CVE-2026-5533 badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting

A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible...

CVSS: 5.3 | EPSS: 0.00036
Exploits: 0 | References: 4

EUVD
added 2026/04/05 12:30 a.m. | Views: 4

EUVD-2026-19003

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key. It is possible t...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00013
Exploits: 0 | References: 5

CVE
added 2026/04/05 12:30 a.m. | Views: 17

CVE-2026-5530

Ollama up to 18.1 contains a flaw in the Model Pull API’s file server/download.go that allows manipulation leading to server-side request forgery (SSRF). The issue can be exploited remotely. Connected sources confirm the vulnerable component and impact, but no vendor patch or remediation is docum...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00014
Exploits: 2 | References: 3

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 4

PT-2026-30440

Name of the Vulnerable Software and Affected Versions: Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Description: A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of the File argument within an unknown function of the /fs file in the Configuration...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00054
Exploits: 1 | References: 7

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 5

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00012
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 3

PT-2026-30406

Name of the Vulnerable Software and Affected Versions: FedML-AI FedML versions up to 0.8.9. Description: A security flaw exists in FedML-AI FedML up to version 0.8.9, specifically within the MQTT Message Handler component. Manipulation of the dataSet argument in an unknown function of the file...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00121
Exploits: 1 | References: 10

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 2

PT-2026-30422

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00012
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 1

PT-2026-30423

A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to sql injection. The attack can be launched...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00012
Exploits: 0 | References: 6

CNNVD
added 2026/04/05 12:0 a.m. | Views: 3

Tenda AC10 security vulnerability

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. The Tenda AC10 16.03.10.10multiTDE01 version has a security vulnerability. This vulnerability stems from the hardcoded encryption key present in the file /webroot-ro/pem/privkeySrv.pem of the RSA 2048-bit Private Key Handle...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00054
Exploits: 0 | References: 5

CNNVD
added 2026/04/05 12:0 a.m. | Views: 5

River Past Video Cleaner buffer error vulnerability

River Past Video Cleaner is a software tool developed by River Past Corporation, designed for batch conversion and repair of video formats and timestamps. Version 7.6.3 of River Past Video Cleaner contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the...

CVSS: 8.6 | AI score: 6.3 | EPSS: 0.00018
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 1

PT-2026-30465

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00019
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 2

PT-2026-30412

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00043
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/05 12:0 a.m. | Views: 4

PT-2026-30479

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exceptio...

CVSS: 8.6 | AI score: 6.8 | EPSS: 0.00018
Exploits: 1 | References: 4