CVE-2026-11345
In CVE-2026-11345, the linqi web app exposes an improper authentication flaw in the /api/Cdn/GetFile endpoint. The ValidateAnonFileAccess check incorrectly grants access when an AnonFile query parameter is exactly 256 characters, allowing unauthenticated remote access to files. The exposed resour...
BIT-AIRFLOW-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...
EUVD-2026-34542
A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...
CVE-2026-10878
Summary of vulnerability: CVE-2026-10878 affects D-Link DWR-M920 firmware versions 1.1.50 and 1.1.70. The issue resides in the function sub_41C8E8 of /boafrm/formSmsManage, where manipulation of the argument action_value leads to a command injection. The vulnerability enables remote exploitatio...
SourceCodester Ship Ferry Ticket Reservation System code injection vulnerability
The SourceCodester Ship Ferry Ticket Reservation System is an open-source booking system for ship tickets developed by SourceCodester. Version 1.0 of the SourceCodester Ship Ferry Ticket Reservation System has a code injection vulnerability. This vulnerability stems from improper handling of the...
PT-2026-46949
Name of the Vulnerable Software and Affected Versions: Lyrion Music Server version 9.2.0. Description: An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...
Code-Projects Hotel and Tourism Reservation System SQL injection vulnerability
Code-Projects Hotel and Tourism Reservation System is an open-source hotel and tourism reservation system developed by Code-Projects. Version 1.0 of the Code-Projects Hotel and Tourism Reservation System has a SQL injection vulnerability. This vulnerability arises from improper handling of the ro...
PT-2026-47055
Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9. Description: A stack overflow exists in the fromDhcpListClient function. This occurs when processing the page parameter via a crafted HTTP request, which can lead to a Denial of Service (DoS), a condition where the...
Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS
Summary: Lyrion Music Server (formerly Logitech Media Server, and often abbreviated as "LMS") is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
PT-2026-46838
A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Manipulating the argument action_value results in command injection. The attack can be carried out remotely. The exploit is now public a...
CVE-2026-38579
Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptidkey parameter (lines 26, 42) in...
PT-2026-47007
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
PT-2026-47068
Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker versions prior to 11.1.3. Description: The plugin is susceptible to time-based blind SQL Injection, a technique where an attacker asks the database true/false questions and determines the...
PT-2026-46931
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
SourceCodester Ship Ferry Ticket Reservation System authorization issue vulnerability
The SourceCodester Ship Ferry Ticket Reservation System is an open-source booking system developed by SourceCodester. Version 1.0 of the SourceCodester Ship Ferry Ticket Reservation System has a vulnerability related to authorization issues. This vulnerability arises from improper handling of the...
SourceCodester Ship Ferry Ticket Reservation SQL injection vulnerability
SourceCodester Ship Ferry Ticket Reservation is an open-source ticket reservation service developed by SourceCodester. Versions of SourceCodester Ship Ferry Ticket Reservation prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Username...
CollegeManagementSystem code injection vulnerability
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. CollegeManagementSystem has a code injection vulnerability. This vulnerability stems from improper handling of the departmentname parameter in the...
Termix security vulnerability
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure handling of path parameters by the GET /ssh/filemanager/ssh/resolvePath endpoint, which caused...
PT-2026-46960
Name of the Vulnerable Software and Affected Versions: tittuvarghese CollegeManagementSystem (affected versions not specified). Description: A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...