CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CVE-2026-9627

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

EUVD-2026-32026

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-38808

CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...

PT-2026-44697

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in the Media component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script...

PT-2026-43711

An issue in fetch jpg in xdrv 10 scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16 t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually...

PT-2026-43551

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

TeamSpeak 3 Server 安全漏洞

TeamSpeak 3 Server is a real-time voice communication server software developed by the TeamSpeak company. Versions of TeamSpeak 3 Server prior to 3.13.7 contain security vulnerabilities. These vulnerabilities stem from the client-handshake handler component’s handling of the ‘proof’ parameter,...

PT-2026-43472

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

PT-2026-43586

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...

PT-2026-43470

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-38427

CVE-2026-38427 : In Tasmota up to 15.3.0.3, fetch_jpg() in xdrv_10_scripter.ino stores the JPEG Content-Length in a uint16_t. Values > 65535 wrap around, causing allocation of a smaller heap buffer than the data read and a heap buffer overflow. This enables a remote attacker over the network t...

CVE-2026-9606 itsourcecode Courier Management System manage_user.php sql injection

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

GO-2026-4958 Uncontrolled resource consumption when parsing SPDY frames in github.com/moby/spdystream

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

ALPINE-CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

CVE-2026-9584 code-projects Project Management System Login chk.php sql injection

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

CVE-2026-9584 code-projects Project Management System Login chk.php sql injection

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

CVE-2026-9583 SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php information exposure

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

CVE-2026-9583

The CVE-2026-9583 entry details an information-exposure vulnerability in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. It affects the SQL Handler component (file /index.php) where manipulation can cause information disclosure via error messages. The issue is exploi...