41188 matches found
CVE-2026-13489
A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...
EUVD-2026-39993
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...
EUVD-2026-39992
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...
CVE-2026-13488
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...
CVE-2026-13487
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
EUVD-2026-39991
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...
CVE-2026-13490
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...
CVE-2026-13490
The CVE concerns glpi-project glpi versions 11.0.5/11.0.6/11.0.7. It affects the Document Handler, specifically Document::canViewFile in front/document.send.php. Manipulating the docid argument can bypass authorization, enabling a remote attack. The description notes high complexity and that expl...
CVE-2026-13489
The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32
CVE-2026-13488 SourceCodester Class and Exam Timetabling System preview7.php sql injection
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...
CVE-2026-13486
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2026-13485
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...
EUVD-2026-39987
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
CVE-2026-13487
CVE-2026-13487 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in an unknown function of /archive.php caused by manipulation of the sy argument. It can be exploited remotely, and public exploit code is available. The CVSS-derived metrics indicat...
CVE-2026-13486
SourceCodester Class and Exam Timetabling System 1.0/6.php contains a SQL injection vulnerability in the /preview6.php endpoint, triggered by manipulating the course_year_section parameter. Exploitation can be performed remotely, and public disclosure of the exploit is noted across CVE records (C...
EUVD-2026-39985
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...
CVE-2026-13485 SourceCodester Class and Exam Timetabling System preview.php sql injection
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...
CVE-2026-13483
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...