
40978 matches found

Positive Technologies
added 2026/04/17 12:0 a.m., 4 views

PT-2026-33453

Name of the Vulnerable Software and Affected Versions: QueryMine sms versions up to 7ab5a9ea196209611134525ffc18de25c57d9593
Description: A SQL injection flaw exists in the GET Request Parameter Handler component within the 'admin/deletecourse.php' file. A remote attacker can trigger this issue by...

CVSS 7.5, AI score 7.2, EPSS 0.00325
Exploits: 0, References: 8

Positive Technologies
added 2026/04/17 12:0 a.m., 5 views

PT-2026-33450

Name of the Vulnerable Software and Affected Versions: QueryMine sms affected versions not specified
Description: An unrestricted file upload flaw exists in the Background Management Page component. The issue occurs during the processing of the file 'admin/addteacher.php' when the image argument is...

CVSS 6.5, AI score 6.6, EPSS 0.00257
Exploits: 0, References: 7

Positive Technologies
added 2026/04/17 12:0 a.m., 3 views

PT-2026-33449

Name of the Vulnerable Software and Affected Versions: QueryMine sms versions up to 7ab5a9ea196209611134525ffc18de25c57d9593
Description: Remote SQL injection is possible via the GET Request Parameter Handler in the 'admin/editcourse.php' file. The issue occurs when the ID argument is manipulated,...

CVSS 6.5, AI score 6.9, EPSS 0.00196
Exploits: 0, References: 7

Positive Technologies
added 2026/04/17 12:0 a.m., 3 views

PT-2026-33458

Name of the Vulnerable Software and Affected Versions: lukevella rallly versions prior to 4.8.0
Description: A flaw in the Reset Password Handler component within the file 'apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx' allows for remote cross site scripting. This...

CVSS 5.1, AI score 4.6, EPSS 0.0026
Exploits: 0, References: 10

Positive Technologies
added 2026/04/17 12:0 a.m., 5 views

PT-2026-33447

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

CVSS 5.3, AI score 5.3, EPSS 0.00365
Exploits: 0, References: 5

Positive Technologies
added 2026/04/17 12:0 a.m., 7 views

PT-2026-33446

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

CVSS 5.1, AI score 4.1, EPSS 0.00212
Exploits: 0, References: 9

Positive Technologies
added 2026/04/17 12:0 a.m., 8 views

PT-2026-33459

Name of the Vulnerable Software and Affected Versions: Prasathmani TinyFileManager versions prior to 2.7
Description: A path traversal issue exists in the POST Parameter Handler component within the '/filemanager.php' file. Remote attackers can manipulate the file argument to access files and...

CVSS 5.5, AI score 6, EPSS 0.00455
Exploits: 0, References: 7

Redos
added 2026/04/17 12:0 a.m., 3 views

ROS-20260417-73-0020

A vulnerability in the ContentStream.readInlineImage function of the PyPDF2 PDF processing library is related to incorrect implementation of the loop exit condition. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted PDF fil...

CVSS 6.2, AI score 6.3, EPSS 0.01279
Exploits: 1

Redos
added 2026/04/17 12:0 a.m., 4 views

ROS-20260417-73-0024

Vulnerability in python-PyPDF2 related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.7, AI score 7.1, EPSS 0.00402
Exploits: 0

RedHat Linux
added 2026/04/16 10:26 p.m., 7 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

CVSS 9.8, AI score 5.9, EPSS 0.00512
Exploits: 0, References: 7

RedhatCVE
added 2026/04/16 7:22 p.m., 4 views

CVE-2026-6148

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...

CVSS 7.5, AI score 5.7, EPSS 0.00379
Exploits: 0, References: 1

RedHat Linux
added 2026/04/16 1:56 p.m., 5 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

CVSS 7.5, AI score 5.8, EPSS 0.00897
Exploits: 0, References: 4

EUVD
added 2026/04/15 9:30 p.m., 5 views

EUVD-2026-23086

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 3

NVD
added 2026/04/15 8:16 p.m., 4 views

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, EPSS 0.00253
Exploits: 0, References: 2

RedhatCVE
added 2026/04/15 7:24 p.m., 3 views

CVE-2026-6129

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The...

CVSS 7.5, AI score 5.5, EPSS 0.00391
Exploits: 0, References: 1

Vulnrichment
added 2026/04/15 4:3 p.m., 2 views

CVE-2026-20152 Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

CVSS 5.3, AI score 5.9, EPSS 0.00299
Exploits: 0, References: 1

RedhatCVE
added 2026/04/15 5:55 a.m., 4 views

CVE-2026-33023

A flaw was found in libsixel, specifically when it is built with the gdk-pixbuf2 option. A remote attacker can exploit a use-after-free vulnerability by supplying a crafted image, which can lead to information disclosure, memory corruption, or arbitrary code execution. Mitigation Mitigation for...

CVSS 7.8, AI score 6, EPSS 0.00289
Exploits: 1, References: 5

RedhatCVE
added 2026/04/15 1:22 a.m., 5 views

CVE-2026-6122

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

CVSS 9, AI score 7.9, EPSS 0.00541
Exploits: 0, References: 1

RedhatCVE
added 2026/04/15 1:22 a.m., 4 views

CVE-2026-6186

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit...

CVSS 9, AI score 7.6, EPSS 0.00612
Exploits: 0, References: 1

RedhatCVE
added 2026/04/14 7:24 p.m., 5 views

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

CVSS 6.5, AI score 6.3, EPSS 0.02304
Exploits: 0, References: 1