CVE-2026-23858

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection...

CVE-2026-22765

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

CVE-2025-15589

A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVE-2026-3068

CVE-2026-3068 affects itsourcecode Document Management System 1.0. The vulnerability resides in /deluser.php, where manipulating the user2del parameter allows remote SQL injection. Multiple connected sources confirm the flaw, its remote exploitability, and public availability of the exploit. PT-2...

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVE-2026-3057

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

CVE-2026-2958

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub457C5C of the file /boafrm/formWsc. Such manipulation of the argument saveapply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...

CVE-2026-3052

DataLinkDC dinky up to 1.2.5 is affected. The vulnerable component is the Flink Proxy Controller (dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java) and its proxyUba function. The issue enables server-side request forgery (SSRF) and is exploitable remotely. The exploit has ...

CVE-2026-3043

A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and...

ROS-20260224-73-0022

A vulnerability in the Moodle virtual learning environment is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting XSS attack...

ROS-20260224-73-0035

Vulnerability in gitea related to a flaw in the authorization mechanism. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

ROS-20260224-73-0017

Vulnerability in moodle due to insufficient limitation of authentication attempts. Exploitation of the vulnerability could allow a remote attacker to launch a brute force attack...

Linux Distros Unpatched Vulnerability : CVE-2026-2968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component...

Linux Distros Unpatched Vulnerability : CVE-2026-2967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP...