208 matches found
CVE-2026-15535
A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...
CVE-2026-15498
A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...
Malicious code in polymarket-kelly-stake-math (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9798cce0effcbcf5ed3295f322a375bb1a3cbb7e9db4b7d88c802bf5116639e3 [email protected] advertises itself as a pure Kelly-stake math helper but its postinstall hook scripts/install-check.cjs, invoked fro...
CVE-2026-14800 imhamzaazam ecommerceFlask cross-site request forgery
A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...
CVE-2026-14751
A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...
EUVD-2026-41759
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignmentitemid results in authorization...
CVE-2026-11533
A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...
CVE-2026-11475
A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...
EUVD-2026-35006
A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...
CVE-2026-11475
The CVE-2026-11475 affects Kushan2k student-management-system. Affects the function getStatus in controllers/GradeController.php of the Certificate Verification Endpoint. The underlying issue is that manipulating the nic argument can cause an SQL injection, enabling remote exploitation. Public ex...
CVE-2026-11333
A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...
CVE-2026-10807
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...
CVE-2026-7811
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function issafepath of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...
CVE-2026-7398
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...
CVE-2026-7588
A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function getstyleguide/getbestpractices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and...
CVE-2026-9474
A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...
CVE-2026-11334
The CVE-2026-11334 entry concerns tittuvarghese CollegeManagementSystem (dashboard_page/forms/fetch.php) where manipulating the department_code argument leads to SQL injection. A remote attacker can exploit this with no authentication required; exploit maturity is described as PoC. The vulnerabil...
PT-2026-46960
Name of the Vulnerable Software and Affected Versions tittuvarghese CollegeManagementSystem affected versions not specified Description A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...
PT-2026-46976
A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...
PT-2026-46220
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change profile image.php. Executing a manipulation of the argument pr profile image can lead to unrestricted upload. The attack may be launched remotely...