PT-2026-24935

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

PT-2026-24917

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is...

PT-2026-25004

Name of the Vulnerable Software and Affected Versions projectsend versions prior to r1946 Description A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable...

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

An unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware...

CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key

A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...

CVE-2026-3961

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function topilimage of the file manga-image-translator-main/server/requestextraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

DEBIAN-CVE-2026-3940

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-3932

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-3927

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3958

Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...

CVE-2026-3946

CVE-2026-3946 affects PHPEMS 11.0. The vulnerability is in an unknown function of the file /index.php?ask=app-ask, where manipulation of the askcontent argument yields cross-site scripting. This can be exploited remotely; the exploit is public. The provided data does not specify a fixed version, ...

CVE-2026-32059

OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long optio...

CVE-2026-3943

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2025-15603

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

PT-2026-24668

🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

ROS-20260311-73-0004

Vulnerability in mongodb-org related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...