40964 matches found
CVE-2026-7743 CodeAstro Online Classroom studentdetails sql injection
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7743
CVE-2026-7743 affects CodeAstro Online Classroom 1.0. The vulnerability is in an unknown function of /OnlineClassroom/studentdetails where manipulating the argument deleteid triggers an SQL injection. The issue is exploitable remotely and has been disclosed publicly. Connected records confirm the...
CVE-2026-7743 CodeAstro Online Classroom studentdetails sql injection
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
EUVD-2026-26929
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-7742
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
EUVD-2026-26928
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
GHSA-6RCX-55R6-JX65 Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
CVE-2026-7733
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...
CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
CVE-2026-7738
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...
CVE-2026-7737
CVE-2026-7737 affects osrg GoBGP up to 4.3.0. The vulnerability lies in the BMP parser, specifically BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in pkg/packet/bmp/bmp.go, where input manipulation leads to an out-of-bounds read. The issue is exploitable remotely. A fix is pub...
CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
CVE-2026-7736 osrg GoBGP mrt.go parseRibEntry integer underflow
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...
CVE-2026-7736
The vulnerability CVE-2026-7736 affects osrg GoBGP up to version 4.3.0, specifically the parseRibEntry function in pkg/packet/mrt/mrt.go. The technical issue is an integer underflow triggered by manipulation, with remote exploit potential. A fix is available in GoBGP 4.4.0 (commit 76d911046344a39...
CVE-2026-7730
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7728
A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...
CVE-2026-7735
The CVE concerns osrg GoBGP (up to 4.3.0) where the PathAttributeAigp.DecodeFromBytes function in pkg/packet/bgp/bgp.go handles the AIGP Attribute Parser. A manipulation can cause a buffer overflow, enabling remote initiation of an attack. This entry specifies that upgrading to version 4.4.0 addr...
CVE-2026-7735 osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...