CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

EUVD-2026-33758

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-10287 SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-10287 SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-10287

The vulnerability affects SourceCodester SEO Meta Tag Extractor 1.0, specifically the get_headers function in /index.php. The issue arises from manipulating the url parameter, enabling server-side request forgery (SSRF) that can be initiated remotely. Exploit details have been publicly disclosed....

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

CVE-2026-10110

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

EUVD-2024-54943

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting XSS. This issue affects OctoCloud: from s1.09.01 before v1.11.01...

EUVD-2024-54942

Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...

Advisory ROSA-SA-2026-3313

Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...

BIT-KIBANA-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

USN-8349-1 rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

USN-8349-1: rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

PT-2026-45664

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2026-42500

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

SourceCodester SEO Meta Tag Extractor – Code-related vulnerabilities

SourceCodester SEO Meta Tag Extractor is an open-source SEO meta tag extractor developed by SourceCodester. Version 1.0 of SourceCodester SEO Meta Tag Extractor has a code vulnerability. This vulnerability stems from incorrect parameter handling in the getheaders function within the file/index.ph...

Malicious code in discord-massban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b535ff4283b14cd5d93b2e31a997d1c8abd7424e2aa48a993c19e5e7f6b2b3b Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Malicious code in obfuscation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9a6d747918a89b433d6b670595d6b8d3049f49a69762c3e483d4f0f9dbeb81a3 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-5094 Malicious code in hell-cipher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e852860302b982f58123434d6c8671299f6b8e45e8f57c8149ab3380eb91fa63 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OFFIS DCMTK 安全漏洞

OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...