
11 matches found

Positive Technologies
added 2026/05/07 12:0 a.m. · 6 views

PT-2026-38554

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could b...

CVSS 7.5 · AI score 6.9 · EPSS 0.00039
Exploits 0 · References 5
OSV
added 2026/04/20 3:34 a.m. · 1 views

GHSA-VVFC-FP59-M92G Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function createuploadfile of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.3 · AI score 5.4 · EPSS 0.00054
Exploits 0 · References 6
Cvelist
added 2026/04/12 2:30 a.m. · 36 views

CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVSS 6.5 · EPSS 0.00015
Exploits 1 · References 6
Positive Technologies
added 2026/04/04 12:0 a.m. · 1 views

PT-2026-30385

Name of the Vulnerable Software and Affected Versions: Tenda 4G03 Pro versions 1.0 through 1.1 and 04.03.01.53 Description: A security flaw exists in Tenda 4G03 Pro. The issue involves improper access controls related to an unknown functionality within the /bin/httpd file. The attack can be perform...

CVSS 9.8 · AI score 7.1 · EPSS 0.00056
Exploits 0 · References 9
RedhatCVE
added 2025/12/31 8:10 a.m. · 2 views

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVSS 9 · AI score 8.4 · EPSS 0.00202
Exploits 1 · References 1
Positive Technologies
added 2025/12/22 12:0 a.m. · 1 views

PT-2025-52619

Name of the Vulnerable Software and Affected Versions: Tenda WH450 version 1.0.0.18 Description: A weakness exists in the Tenda WH450 device. The issue is a stack-based buffer overflow within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of...

CVSS 10 · AI score 6.9 · EPSS 0.00295
Exploits 1 · References 16
CVE
added 2025/10/07 11:32 a.m. · 7 views

CVE-2025-11389

CVE-2025-11389 affects Tenda AC15 firmware 15.03.05.18. The vulnerability is a stack-based buffer overflow in an unknown function within /goform/saveAutoQos triggered by manipulating the enable parameter due to improper input length validation. It enables remote code execution with network attack...

CVSS 9 · AI score 8.5 · EPSS 0.00248
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/10/06 7:15 a.m. · 2 views

CVE-2025-11325

A security flaw has been discovered in Tenda AC18 15.03.05.196318. Affected by this issue is some unknown functionality of the file /goform/fastsettingpppoeset. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out...

CVSS 9 · EPSS 0.00248
Exploits 1 · References 5
Positive Technologies
added 2025/09/22 12:0 a.m. · 1 views

PT-2025-38717

A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod reservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is...

CVSS 9.8 · AI score 7.3 · EPSS 0.00057
Exploits 1 · References 6
Positive Technologies
added 2025/09/14 12:0 a.m. · 3 views

PT-2025-37428

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grading System version 1.0 Description: A security flaw exists in SourceCodester Student Grading System 1.0. The issue is related to SQL injection within the /edit user.php file. Manipulation of the ID parameter can...

CVSS 8.8 · AI score 6.6 · EPSS 0.00058
Exploits 1 · References 10
Positive Technologies
added 2025/08/26 12:0 a.m. · 3 views

PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the address argument i...

CVSS 5.3 · AI score 4.1 · EPSS 0.00086
Exploits 1 · References 8