CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

CVE-2026-6610

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-6878

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVE-2026-6799

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can...

CVE-2026-6648

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVE-2026-6620

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

CVE-2026-31051

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component...

CVE-2026-8256

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

CVE-2026-8267

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smfnsmfhandlecreateddatainvsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of...

CVE-2026-8250

A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smfn4buildqosflowtomodifylist of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public and...

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVE-2026-7073

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-7396

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

CVE-2026-7785

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

CVE-2026-7130

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecategory. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has...