40975 matches found
GHSA-FM5R-CJ7V-RJ2C ShowDoc has an Injection vulnerability
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6984 AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
CVE-2026-6984
AstrBotDevs AstrBot up to version 4.22.1 contains a vulnerability in the Dashboard API, specifically in the create_template function (astrbot/dashboard/routes/t2i.py). The issue is improper neutralization of special elements used in the template engine, enabling remote execution. Public exploit i...
EUVD-2026-25660
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
CVE-2026-6984
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
CVE-2026-6982
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6983
Pagekit
EUVD-2026-25659
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2026-6983
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2026-6983 pagekit download server-side request forgery
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2026-6982 star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6981 IhateCreatingUserNames2 AiraHub2 Endpoint AiraHub.py sync_agents server-side request forgery
A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...
CVE-2026-6981
Technical details about CVE-2026-6981 are not publicly available in the provided documents. The Initial Description mentions a server-side request forgery in connect_stream_endpoint/sync_agents of AiraHub.py, with remote exploit potential. Monitor for updates.
CVE-2026-6980
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-6978
A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...
CVE-2026-6979
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
CVE-2026-6979
Affects devlikeapro WAHA up to 2026.3.4; vulnerable in the API Request Handler function src/api/media.controller.ts, enabling server-side request forgery. Attackable remotely; exploit published. Vendor unresponsive. No remediation details provided in the documents.
CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...
CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery
A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...