54696 matches found
CVE-2025-66880
The CVE-2025-66880 entry concerns a Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877. The issue affects the LoginComp (Module 2093) and SignupComp (Module 2094) modules and is described as allowing a remote attacker to execute arbitrary code. Connected sources ...
PT-2026-22571
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...
CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module...
CVE-2025-66880
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp Module 2093 and SignupComp Module 2094 modules...
EUVD-2026-9194
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module...
PT-2026-22609
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions prior to V15.03.05.18 multi. Description: A flaw exists in the goform/formSetIptv function of Tenda AC15 routers due to improper handling of code generation in memory when processing the s1 1 parameter. Exploitation of this...
CVE-2026-26720
Twenty CRM versions prior to 1.15.0 are affected by CVE-2026-26720, with the root cause in the local.driver.ts module allowing a remote attacker to execute arbitrary code. Affected product: Twenty CRM (v1.15.0 and earlier). Impact is high/critical per CVSS, including potential full compromise. Re...
PT-2026-22607
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp Module 2093 and SignupComp Module 2094 modules...
PT-2026-22572
SQL Injection vulnerability in the "imageserver" module of CGM NETRAAD software, when processing C-FIND queries, allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
Chamilo Security Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained security vulnerabilities. These vulnerabilities stemmed from logical flaws in the friend request workflow of the social networking module, which could allow authenticated user...
CVE-2026-3255
HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...
CVE-2018-25160
HTTP::Session2 versions through 1.09 for Perl do not validate the format of user-provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
VEcho: A Paradigm Shift from Vulnerability Verification to Proactive Discovery with Large Language Models
Static Application Security Testing (SAST) tools often suffer from high false positive rates, leading to alert fatigue that consumes valuable auditing resources. Recent efforts leveraging Large Language Models (LLMs) as filters offer limited improvements; however, these methods treat LLMs as passive,...
CVE-2026-28562 wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::gettopics where the ORDER BY clause relies on ineffective esc_sql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...
OESA-2026-1459 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
CVE-2025-15509
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage...