PT-2026-45422

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

PT-2026-45624

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

Nextcloud Server 路径遍历漏洞

NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 31.0.0 to 31.0.14 and from 32.0.0 to 32.0.4 contained a path traversal vulnerability. This vulnerability occurred when the lang parameter was used in template directory...

CVE-2026-10203

The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...

CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.74763. This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

EUVD-2026-33510

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-10186

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

CVE-2026-10186 code-projects Online Hospital Management System patient.php sql injection

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

CVE-2026-10186

Code-projects Online Hospital Management System 1.0 contains an SQL injection vulnerability in the /patient.php endpoint, triggered by manipulating the editid parameter. The flaw allows remote exploitation and has publicly disclosed exploit details. Multiple CVSS metrics across versions (e.g., CV...

CVE-2026-10186

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in qs (CVE-2025-15284, CVE-2026-2391)

Summary Multiple vulnerabilities in the qs query string parsing library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 6.14.2. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...

CVE-2026-10183

CVE-2026-10183 affects TRENDnet TEW-432BRP firmware 3.10B20. The vulnerability is in the function /goform/formWlanSetup, where manipulation of the enrollee argument causes a stack-based buffer overflow. It may be exploited remotely; a public exploit exists. The vendor notes the device has been En...

EUVD-2026-33505

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and mig...

EUVD-2026-33504

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

EUVD-2026-33498

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

Unbounded digits parameter in a provisioning URI triggers an uncaught DivisionByZeroError in OTP generation

Summary The digits parameter parsed from a provisioning URI is validated only with a lower bound $value 0 and has no upper bound src/OTP.php:353-357. OTP generation computes $code % 10 $this-getDigits src/OTP.php:283. When digits is large enough that 10 digits overflows PHP's integer range and th...

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...