369 matches found
PT-2026-35670
A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used...
CVE-2026-5719 itsourcecode Construction Management System borrowedtool.php sql injection
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...
CVE-2026-5420
CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...
CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...
WordPress plugin Subscriptions for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-3388 Squirrel sqcompiler.cpp UnaryOP recursion
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...
CVE-2026-26937
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
SUSE-SU-2026:20592-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
CVE-2026-2686
CVE-2026-2686 affects SECCN Dingcheng G10 3.1.0.181203. The vulnerability is in the function qq of the file /cgi-bin/session_login.cgi, where manipulating the User parameter leads to remote OS command injection. Public PoC/exploit details exist; exploitation is possible remotely and has been disc...
CVE-2026-2527
A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
Prototype Pollution
Locutus is vulnerable to prototype pollution. The vulnerability is due to improper validation of user input that fails to fully prevent manipulation of Object.prototype through crafted inputs leveraging String.prototype, which allows an attacker to pollute the prototype chain and potentially alte...
Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16503)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16503 advisory. - Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue...
CVE-2026-2173
A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...
Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16502)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16502 advisory. - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects...
xfig: xfig: Stack-overflow allows possible code execution via local input manipulation
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...
CVE-2021-47791
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...
xfig: xfig: Stack-overflow allows possible code execution via local input manipulation
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...
xfig: xfig: Stack-overflow allows possible code execution via local input manipulation
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...
xfig: xfig: Stack-overflow allows possible code execution via local input manipulation
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...