PT-2026-43165

A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...

PT-2026-43177

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

PT-2026-43312

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute web request secure function in src/fast library.cpp creates a boost::asio::ssl::context with tls client mode and calls set default verify paths to load CA certificates, but never...

CVE-2026-48697

Summary: CVE-2026-48697 affects FastNetMon Community Edition up to 1.2.9. The root cause is in execute_web_request_secure() in src/fast_library.cpp, which creates a Boost.Asio TLS client context (tls_client) and calls set_default_verify_paths() but never enables verify_peer. As a result, OpenSSL ...

This Week in Spring - May 26th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Coimbra, Portugal, where I just did my usual shtick on the latest and greatest in Spring Framework 7.x, Spring Boot 4.x, and Spring AI 2.x. It was a ton of fun, and I want to thank everybody who came out. Last week I w...

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

PT-2026-43267

e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

epa4all-client 数据伪造问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...

Bugsink 代码问题漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.1.3 had code vulnerabilities. These vulnerabilities stemmed from URL parsing issues, which allowed partial bypass of Webhook URL validation. This could enable attackers to circumvent...

Important: amazon-ecr-credential-helper

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Debian dla-4600 : python3-django-postorius - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4600 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4600-1 [email protected] https://www.debian.org/lts/security/...

CVE-2026-9474

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9474

The CVE-2026-9474 entry concerns yashpokharna2555’s StudentManagementSystem. It states that the function confirm_logged_in in /studentdel.php is vulnerable to SQL injection via a manipulated ID parameter, with remote launch possible and a public exploit. Affected versions are not clearly specifie...

EUVD-2026-31707

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9474 yashpokharna2555 StudentManagementSystem studentdel.php confirm_logged_in sql injection

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9473 c-rick jimeng-mcp api.ts generateVideo path traversal

A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...

CVE-2026-9470

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirmloggedin of the file studenttrans.php. Such manipulation of the argument FIRSTNAME/LastName/EMAIL leads to sql injection. It is possibl...

CVE-2026-9470 yashpokharna2555 StudentManagementSystem student_trans.php confirm_logged_in sql injection

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirmloggedin of the file studenttrans.php. Such manipulation of the argument FIRSTNAME/LastName/EMAIL leads to sql injection. It is possibl...

CVE-2026-9470

The CVE-2026-9470 entry concerns the yashpokharna2555 StudentManagementSystem. A SQL injection vulnerability affects the file student_trans.php, in the function confirm_logged_in, resulting from manipulation of the FIRST_NAME/Last_Name/EMAIL arguments. Attacks can be launched remotely. Public dis...