88714 matches found

Positive Technologies
added 2026/03/08 12:0 a.m. | 5 views

PT-2026-23915

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered t...

CVSS 6.3 | AI score 5.3 | EPSS 0.00162
Exploits: 0 | References: 9

Positive Technologies
added 2026/03/08 12:0 a.m. | 5 views

PT-2026-23981

A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher id can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | AI score 5.8 | EPSS 0.00265
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/08 12:0 a.m. | 4 views

PT-2026-23908

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions through 1.7.7-171114 Description A buffer overflow issue exists in the strcpy function within the /goform/NTP file. Remote attackers can exploit this by manipulating the function, potentially leading to a compromise of...

CVSS 9 | AI score 7.5 | EPSS 0.00655
Exploits: 1 | References: 15

Positive Technologies
added 2026/03/08 12:0 a.m. | 6 views

PT-2026-23911

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub 405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit h...

CVSS 8.8 | AI score 5.9 | EPSS 0.0661
Exploits: 2 | References: 7

Positive Technologies
added 2026/03/08 12:0 a.m. | 5 views

PT-2026-23928

Name of the Vulnerable Software and Affected Versions code-projects Simple Flight Ticket Booking System version 1.0 Description A security flaw exists in code-projects Simple Flight Ticket Booking System version 1.0. The issue involves SQL injection, potentially allowing remote attackers to explo...

CVSS 9.8 | AI score 7 | EPSS 0.0037
Exploits: 1 | References: 13

CVE
added 2026/03/07 9:32 p.m. | 17 views

CVE-2026-3672

JeecgBoot up to 3.9.1 contains a SQL injection flaw in isExistSqlInjectKeyword, located in /jeecg-boot/sys/api/getDictItems, allowing remote exploitation. The exploit has been disclosed publicly. No remediation details are provided in the supplied documents.

CVSS 6.5 | AI score 5.6 | EPSS 0.00192
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/07 4:32 p.m. | 3 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 5.9 | AI score 5.9 | EPSS 0.00255
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/07 4:2 p.m. | 3 views

CVE-2026-3668

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

CVSS 3.1 | AI score 5.4 | EPSS 0.0027
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/07 2:16 p.m. | 4 views

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 7.2 | AI score 5.5
Exploits: 0 | References: 4

Cvelist
added 2026/03/07 1:32 p.m. | 34 views

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

CVSS 5.8 | EPSS 0.10863
Exploits: 1 | References: 4

RedHat Linux
added 2026/03/06 4:36 p.m. | 5 views

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

CVSS 7.5 | AI score 5.7 | EPSS 0.00491
Exploits: 0 | References: 7

RedhatCVE
added 2026/03/06 2:33 p.m. | 4 views

CVE-2026-3540

An inappropriate implementation flaw was found in the WebAudio component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484088917...

CVSS 8.8 | AI score 5.7 | EPSS 0.003
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/06 1:32 a.m. | 5 views

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2026/03/06 1:15 a.m. | 9 views

CVE-2026-3610

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

CVSS 5.3 | EPSS 0.00269
Exploits: 0 | References: 4

CNNVD
added 2026/03/06 12:0 a.m. | 6 views

orpc security vulnerability

orpc is an open-source RPC and OpenAPI integration framework developed by middleapi. Versions of oRPC prior to 1.13.6 contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the RPC JSON deserializer of the @orpc/client package. This could allow unauthenticat...

CVSS 9.8 | AI score 6.3 | EPSS 0.0091
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/06 12:0 a.m. | 4 views

PT-2026-23681

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

CVSS 8.7 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2026-005902)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005902 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easi...

CVSS 4.9 | AI score 5.8 | EPSS 0.00533
Exploits: 0 | References: 4

Redos
added 2026/03/06 12:0 a.m. | 5 views

ROS-20260306-73-0027

A vulnerability in the patavia function of the Linux kernel is related to improper resource release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00163
Exploits: 0

Redos
added 2026/03/06 12:0 a.m. | 4 views

ROS-20260306-73-0019

A vulnerability in the lecdattach function of the Linux operating system kernel relates to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.8 | AI score 7.2 | EPSS 0.00177
Exploits: 0

Redos
added 2026/03/06 12:0 a.m. | 3 views

ROS-20260306-73-0020

A vulnerability in the rcudereferencertnl function of the Linux kernel is related to a pointer dereference error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00178
Exploits: 0