EUVD-2026-16917

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

CVE-2026-4995 wandb OpenUI Window Message Event index.html cross site scripting

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

CVE-2026-4995

A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely...

CVE-2026-4994

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

CVE-2026-4994 wandb OpenUI APIStatusError server.py generic_exception_handler information exposure

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

CVE-2026-4994 wandb OpenUI APIStatusError server.py generic_exception_handler information exposure

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function genericexceptionhandler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the...

CVE-2026-4994

CVE-2026-4994 affects wandb OpenUI up to 1.0/3.5-turb. The vulnerable component is generic_exception_handler in backend/openui/server.py of the APIStatusError Handler. The issue arises from manipulation of the argument key, leading to information exposure through error messages. Access to the loc...

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

EUVD-2026-16894

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

EUVD-2026-16895

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smfgxccacb/smfgyccacb/smfs6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitabilit...

PT-2026-28728

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A path traversal issue exists due to the manipulation of the path.join function within the /log/ file of the Wildcard Handler component. This allows for remote exploitation. The project was notified o...

PT-2026-28716

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 3.0.0 Description A code injection weakness exists in the Chat Message Handler component, specifically within the CodeExecutor.execute function of the pandasai/core/code execution/code executor.py file. This...

elecV2P 代码问题漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters req in the eAxios function within the component’s URL...

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from an unknown function in the Component Parameter Handler’s fi...

PT-2026-28730

Name of the Vulnerable Software and Affected Versions elecV2 elecV2P versions through 3.8.3 Description A server-side request forgery condition exists due to manipulation of the req argument within the eAxios function located in the /mock file of the URL Handler component. This allows for remote...

PT-2026-28713

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A cross site scripting issue exists in the file frontend/public/annotator/index.html of the Window Message Event Handler component. This manipulation can be initiated remotely and the exploit has bee...

elecV2P 路径遍历漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a path traversal vulnerability. This vulnerability stems from the use of the path.join function in the Wildcard Handler component’s file/log/...

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from improper handling of parameters by the unknown function in...

PT-2026-28720

Name of the Vulnerable Software and Affected Versions PromtEngineer localGPT versions up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 Description A flaw exists within PromtEngineer localGPT that allows for injection. The issue resides in the route using overviews function within the...

PT-2026-28732

Name of the Vulnerable Software and Affected Versions Simple Food Order System version 1.0 Description A flaw exists in Simple Food Order System 1.0 related to the handling of parameters. Specifically, manipulating the Name argument can lead to SQL injection. This issue affects an unknown functio...