CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

CVE-2026-7200

The CVE-2026-7200 issue affects SourceCodester Pharmacy Sales and Inventory System 1.0. Affected functionality is in /index.php?page=types, where manipulating the argument ID enables cross-site scripting. The vulnerability can be exploited remotely and exploits have been published. No remediation...

CVE-2026-6200

A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been public...

CVE-2026-5413

A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out...

PT-2026-29733

A vulnerability was found in SourceCodester/mayuri k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

EUVD-2026-16529

A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...

PT-2026-7842

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025...

CVE-2026-2008

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqnchart of the file fmcp/mplmcp/core/eqnchart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

CVE-2026-1197 MineAdmin downloadById information disclosure

A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. The attack can be initiated remotely. The attack's complexity is rated as...

CVE-2026-1112

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...

EUVD-2025-203470

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVE-2025-13443

A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now...

CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...

MAL-2025-108269 Malicious code in rudi-lontong90-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6b2734fc7e6d68270148e9a676c3c3318d682c0b3e4e433130bcfb9b33be3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12303

A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been...

BIT-GITLAB-2025-11971 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...

CVE-2025-11971

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...

CVE-2025-11971

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...

CVE-2025-11971

GitLab EE fixed CVE-2025-11971, which allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits. Affected versions were 10.6 to before 18.3.5, 18.3.x before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1; remediation was released as patch updates (n...