17 matches found
PT-2026-33686
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...
CVE-2026-36941
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manageroom.php...
WordPress plugin Trinity Audio Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
EUVD-2025-16988
Malicious code in bioql PyPI...
CVE-2025-8964
CVE-2025-8964 affects code-projects’ Hostel Management System 1.0, specifically the Login component via the hostel_manage.exe file. The vulnerability is described as improper authentication, enabling a local-host attack. The PT-2025-33299 entry confirms the issue and states the exploit has been p...
CVE-2025-30441
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files...
USN-7332-3: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers;...
USN-7289-4: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...
CVE-2025-25243
SAP Supplier Relationship Management Master Data Management Catalog allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or...
USN-7003-4: Linux kernel vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902) Several security issues were discovered in the Linux kernel. An attacker could...
SourceCodester Tracking Monitoring Management System SQL Injection Vulnerability
SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the...
CVE-2024-5365
A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file managepayment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
PT-2024-33387 · Sourcecodester · Sourcecodester School Intramurals Student Attendance Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester School Intramurals Student Attendance Management System version 1.0. Description: A critical issue affects the processing of the file /intrams sams/manage course.php, where the manipulation of the id argument leads to sql...
DFIRKuiper Kuiper Path Traversal Vulnerability
DFIRKuiper Kuiper is a digital investigation platform from the individual developers of DFIRKuiper that provides investigative teams and individuals with the ability to parse, search, and visualize collected evidence. A path traversal vulnerability exists in DFIRKuiper Kuiper version 2.3.4, which...
PT-2023-20787 · Sourcecodester · Sourcecodester Covid-19 Contact Tracing System
Name of the Vulnerable Software and Affected Versions: SourceCodester Covid-19 Contact Tracing System version 1.0. Description: A critical issue was found in the SourceCodester Covid-19 Contact Tracing System, affecting the file admin/establishment/manage.php. The manipulation of the id argument...
SharpStrike - A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems
SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with in the --show-commands command. Introduction...
CVE-2020-12149 OS Command Injection - Management File Upload
The configuration backup/restore function in Silver Peak Unity ECOS™ (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...