CVE-2026-4784 code-projects Simple Laundry System Parameter checkcheckout.php sql injection

A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit...

CVE-2026-4783

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument coursecode leads to sql injection. It is possible to...

EUVD-2026-15180

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument coursecode leads to sql injection. It is possible to...

EUVD-2026-15029

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file updatecustomerdetails.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can b...

Iperius Backup 访问控制错误漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.3 and earlier contained an access control vulnerability, which was caused by improper handling of the NTLM2 Handler component, potentially leading to information leakage...

PT-2026-27734

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk i801...

PT-2026-28133

Name of the Vulnerable Software and Affected Versions Enter Software Iperius Backup versions up to 8.7.3 Description A flaw exists in Enter Software Iperius Backup related to the NTLM2 Handler component, potentially leading to information disclosure. Exploitation is limited to local execution and...

GHSA-J65M-HV65-R264 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the HandleAuthenticationFailure function of the AMF component. An attacker can cause the service to become unavailable by sending specially crafted requests remotely. Details Denial of Service DoS describes a...

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...

CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

CVE-2026-33335

Vikunja Desktop Electron wrapper risk (CVE-2026-33335). The vulnerability affects Vikunja Desktop prior to 2.2.0, where URLs from window.open() are passed directly to shell.openExternal() without validation or protocol allowlisting. An attacker who can insert a link (e.g., target="_blank" in user...

EUVD-2019-19994

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...

EUVD-2019-19996

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

EUVD-2019-20008

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25634

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25628

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

CVE-2019-25634 Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25633 AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via EggHunter

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display nam...