CVE-2026-30571
CVE-2026-30571 affects SourceCodester Inventory System 1.0. The vulnerability is a reflected XSS in view_category.php via the limit parameter, where input is not properly sanitized. An attacker can craft a URL to inject arbitrary web script/HTML, potentially affecting users who visit the link. Th...
CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...
VIPSQLi
🔥 VIP SQLi Scanner - Professional Triage Tool REAL SQLi PEH...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
EUVD-2025-32120
Malicious code in bioql PyPI...
PT-2025-36526
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A security flaw exists in itsourcecode Student Information Management System 1.0. The issue involves SQL injection stemming from the manipulation of the ID argument...
Sports Management System facilitator.php File SQL Injection Vulnerability
Sports Management System is a sports management system. It suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied input in the code parameter of the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...
CVE-2025-30056 Calling system commands via RunCommand
The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...
PT-2025-27533 · Unknown · Campcodes Employee Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Employee Management System version 1.0 Description: A critical issue was found in Campcodes Employee Management System, affecting an unknown part of the file /changepassemp.php. The manipulation of the ID argument leads to SQL...
CVE-2019-9839
VFront 0.99.5 has Reflected XSS via the admin/menuregistri.php descrizioneg parameter or the admin/syncregtab.php azzera parameter...
CVE-2017-18364
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter...
PT-2024-38252 · Sourcecodester · Establishment Billing Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Establishment Billing Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /manage block.php. The manipulation of the id argument leads to SQL injection...
PT-2024-38172 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6268 B20220504 Description: A critical issue has been found in the function loginauth of the file /cgi-bin/cstecgi.cgi, where the manipulation of the password argument leads to buffer overflow. The attack can be...
WordPress plugin Elementor Addons by Livemesh security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-26695 · Tenda · Tenda Fh1202 +3
Name of the Vulnerable Software and Affected Versions: Tenda F1202 version 1.2.0.9, PA202 version 1.1.2.5, PW201A version 1.1.2.5, FH1202 version 1.2.0.9 Description: A stack overflow issue was discovered via the page parameter at the "/L7Im" API endpoint. This issue affects several Tenda devices...
PT-2023-11495 · Espcms · Espcms
Name of the Vulnerable Software and Affected Versions: espcms version P8.18101601 Description: The issue allows arbitrary code to be executed via the title parameter, enabling cross-site scripting (XSS). This means an attacker could inject malicious code into a website, potentially stealing user da...
PT-2022-27336 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda A18 version 15.13.07.09 Description: A stack overflow issue was discovered, which can be triggered via the security 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A18 version 15.13.07.09, avoid using...
PT-2022-26751 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: A stack overflow issue was discovered via the devName parameter in the formSetDeviceName function. This issue can be exploited, potentially allowing attackers to execute arbitrary code...
PT-2022-7072 · Opencats · Opencats
Name of the Vulnerable Software and Affected Versions: OpenCATS version 0.9.6 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability in the Check Email function of OpenCATS. This vulnerability can be exploited via the email parameter, potentially allowing a remote...
PT-2022-12382 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: A stack overflow was discovered in the setWiFiWpsStart function, allowing attackers to cause a Denial of Service (DoS) via the pin parameter. Recommendations: For TOTOLINK A720R version...