CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

EUVD-2026-25654

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-41989

A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman ECDH ciphertext to the gcrypkdecrypt function. This can lead to a heap-based buffer overflow, potentially causing a denial of service DoS condition. Mitigation...

CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

EUVD-2026-25653

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

CVE-2026-6977

CVE-2026-6977 affects vanna-ai vanna up to 2.0.2, arising from an unknown function in the Legacy Flask API that leads to improper authorization. The vulnerability is exploitable remotely and has been disclosed publicly; exploitation status is indicated as a public disclosure with potential use. T...

PT-2026-35153

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

PT-2026-35149

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

PT-2026-35147

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

PT-2026-35166

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

PT-2026-35174

Name of the Vulnerable Software and Affected Versions BIVOCOM TR321 version 21.1.1.50 Description A flaw in the Wireless Setting component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. This occurs through the...

PT-2026-35168

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

PT-2026-35160

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

PT-2026-35161

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...

PT-2026-35177

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get message ajax.php of the component Private Message Handler. Executing a manipulation of the argument c id can lead to sql injection. It is possible to launch the...

PT-2026-35175

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...