105528 matches found
CVE-2026-7057
A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...
CVE-2026-7196
A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...
TOTOLINK N300RT 缓冲区错误漏洞
The TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The version 3.4.0-B20250430 of the Totolink N300RT has a buffer error vulnerability. This vulnerability stems from a buffer overflow in the entryname parameter of the /boafrm/formIpQoS file...
SourceCodester Safety Anger Pad 跨站脚本漏洞
SourceCodester Safety Anger Pad is an open-source security warning software developed by SourceCodester. Version 1.0 of SourceCodester Safety Anger Pad contains a cross-site scripting vulnerability. This vulnerability stems from the angerDisplay parameter, which has cross-site scripting...
CVE-2026-37750
A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...
SourceCodester Pharmacy Sales and Inventory System 跨站脚本漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...
MCP Research Server 路径遍历漏洞
MCP Research Server is a server for searching and extracting research papers, developed by Elie Schoppik. Version 0.1.0 of MCP Research Server has a path traversal vulnerability. This vulnerability stems from the topic parameter used in the searchpapers function within the researchserver.py file,...
Claude Agent SDK Master 路径遍历漏洞
Claude Agent SDK Master is a progressive learning tutorial for Claude Agent SDK developed by Erlich. Claude Agent SDK Master has a path traversal vulnerability; this vulnerability stems from the outputFile parameter in the app/api/agent-output/route.ts file, which allows for path traversal,...
SourceCodester Pizzafy Ecommerce System 注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-35709
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...
PT-2026-35819
A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...
SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a cross-site scripting vulnerability. This vulnerability arises from the saveorder function in the file...
Code-Projects Coaching Management System 注入漏洞
The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...
MCP-GMX-VMD 注入漏洞
MCP-GMX-VMD is an integrated tool for molecular dynamics simulation and visualization developed by EgT’s individual developers. Versions of MCP-GMX-VMD 0.1.0 and earlier contained a injection vulnerability. This vulnerability stemmed from incorrect handling of parameters such as structurefile and...
PT-2026-35683
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...
SourceCodester Pharmacy Sales and Inventory System 注入漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability stems from the operation o...
PT-2026-35690
A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...
Papers MCP Server 路径遍历漏洞
Papers MCP Server is a scholarly paper management and MCP protocol service tool developed by Byron Duarte. There is a path traversal vulnerability in Papers MCP Server. This vulnerability stems from the incorrect handling of the topic parameter in the searchpapers function in the src/main.py file...
JeecgBoot 注入漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the e-mail parameter in the Login function of the...