CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-2861 Foswiki Changes/Viewfile/Oops information disclosure

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-2860

A security vulnerability has been detected in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to initiate the attack...

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 fixed in 19.76 allows a remote attacker to escalate privileges via the AccessID parameter...

CVE-2026-2635

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The fi...

CVE-2026-2852

The CVE-2026-2852 issue affects yeqifu warehouse’s Sales Endpoint, specifically the SalesController.java functions addSales/updateSales/deleteSales in the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java. The vulnerability is caused by improper access cont...

CVE-2026-26721

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter...

CVE-2026-22885

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...

CVE-2026-22885 EnOcean SmartServer IoT Out-of-bounds Read

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...

CVE-2026-2709

A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...

CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting

A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fixhtml of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-2824

Comfast CF-E7 firmware 2.6.0.9 contains a vulnerability in webmggnt’s /cgi-bin/mbox-config?method=SET&section=ping_config: the function sub_441CF4 can be tricked by altering the destination argument to achieve command injection. The flaw allows remote exploitation; multiple sources note the explo...

CVE-2026-2820

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be...

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

PT-2026-21247

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerCacheController.java of the component Cache Sync Handler...

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

PT-2026-21022

Name of the Vulnerable Software and Affected Versions EnOcean SmartServer IoT versions prior to 4.60.009 Description A flaw exists that could allow remote attackers to cause a memory leak. This can occur by sending specially crafted IP-852 messages within LON IP-852 management messages...

CVE-2026-26359

Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...