PT-2026-31639

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions prior to 9.0.0 Description A registered user can query a web service with their credentials and retrieve metadata id, type, name, and other fields from the FileItemDTO object for files and sub-folders of any folder...

PT-2026-31560

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists due to the manipulation of the postid argument in an unknown function within the /functions/addcomment.php file. The attack can be launched remotely. The exploit h...

PHPGurukul Online Course Registration SQL注入漏洞

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.23 contained security vulnerabilities. These vulnerabilities stemmed from a replay vulnerability in Plivo V2 signature verification, allowing attackers to bypass replay protecti...

PT-2026-31641

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 3.1.3 through 8.9.99 Description The REST login endpoint uses the HTTP GET method, transmitting the username and password as query parameters. This practice exposes sensitive credentials in server logs, browser...

PHPGurukul News Portal Project SQL注入漏洞

PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter sucatdescription in the file admin/add-subcategory.php, which...

PT-2026-31751

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S1 Junos OS versions 23.2 prior to 23.2R2 Junos OS versions 23.4 prior to 23.4R2 Description A memory leak in the DHCP daemon jdhcpd of Juniper Networks Junos OS on MX Series can be triggered ...

PT-2026-31601

Name of the Vulnerable Software and Affected Versions Hydrosystem Control System versions prior to 9.8.5 Description Hydrosystem Control System is susceptible to SQL Injection across numerous scripts and input parameters. The absence of protective measures allows an authenticated attacker to inje...

CVE-2026-5824 code-projects Simple Laundry System userchecklogin.php sql injection

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed public...

CVE-2026-5824 code-projects Simple Laundry System userchecklogin.php sql injection

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed public...

CVE-2026-5824

The CVE-2026-5824 entry concerns code-projects Simple Laundry System 1.0. An SQL injection vulnerability exists in an unknown part of the file /userchecklogin.php, triggered by manipulating the userid argument. The issue is exploitable remotely and the exploit is publicly disclosed. No remediatio...

CVE-2026-5823 itsourcecode Construction Management System borrowed_tool_report.php sql injection

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowedtoolreport.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-5823 itsourcecode Construction Management System borrowed_tool_report.php sql injection

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowedtoolreport.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has...

SUSE CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-5813 PHPGurukul Online Course Registration check_availability.php sql injection

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-1101 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries...

EUVD-2026-20625

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

Improper Encoding or Escaping of Output

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...

CVE-2026-32588

A flaw was found in Apache Cassandra. An authenticated user can exploit this vulnerability by repeatedly changing their password over the Cassandra Query Language CQL. This action can significantly increase query latencies, leading to a Denial of Service DoS for the system. Mitigation Mitigation...

CVE-2026-5803

The CVE-2026-5803 entry concerns bigsk1/openai-realtime-ui (up to commit 188ccde27fdf3d8fab8da81f3893468f53b2797c) with a vulnerability in the API Proxy Endpoint’s server.js that enables server-side request forgery through a manipulated Query argument. It is described as remotely exploitable, and...