CVE-2026-11511

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVE-2026-11517 UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

CVE-2026-11505

CVE-2026-11505 affects GL.iNet devices (A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000) running 4.8.x, due to a flaw in the glnassys component. The issue involves use of a hard-coded cryptographic key introduced or exposed via a manipulation, enabling a remote attack with high comp...

EUVD-2026-35037

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...

CVE-2026-11492 D-Link DIR-823G vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

CVE-2026-11491

CodeAstro Human Resource Management System 1.0 is affected in the Notice Board Management component, file /notice/All_notice. The vulnerability is a cross-site scripting flaw triggered by manipulating the Notice Title with an input like in a POST. This allows remote exploitation with a publicly ...

EUVD-2026-35020

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

CVE-2026-11438

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

CVE-2026-11479

CVE-2026-11479 affects yoanbernabeu grepai 0.35.0, specifically the Qdrant Backend component’s file indexer/chunker.go. The issue involves manipulation that leads to use of a weak hash, enabling a remote attack. Exploitation is described as difficult, with network attack vector and low privileges...

CVE-2026-11479 yoanbernabeu grepai Qdrant Backend chunker.go weak hash

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

CVE-2026-11471

Affected product: SourceCodester Class and Exam Timetabling System 1.0. Vulnerability: SQL injection via manipulation of the Password argument in an unknown function in /index2.php. Impact/scope: Remote exploit possible; exploit has been public. CVSS details in sources indicate network access wit...

CVE-2026-11470

The CVE-2026-11470 issue affects the hs-web hsweb-framework up to version 5.0.1, specifically in the File Upload component FileUploadProperties.java. The vulnerability arises from manipulation of the filename argument, enabling path traversal. Attacks can be initiated remotely and exploit details...

PT-2026-47262

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

PT-2026-47280

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

PT-2026-47263

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

PT-2026-47268

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...