CVE-2026-33140
PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing...
CVE-2025-41008
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
CVE-2026-32698
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...
CVE-2026-33166
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33282
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE. An attacker able to send crafted NGAP messages t...
CVE-2019-25633
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display nam...
EUVD-2018-21675
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...
CVE-2018-25208
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...
Suspected Hijacked Developer Accounts Spread npm Malware
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?...
EUVD-2026-16138
A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is...
CVE-2026-32680
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 03:00:15+00:00 | seen | https://jvn.jp/en/jp/JVN08057419/ |
| 2026-03-26 07:20:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhx2v47k2r2t |
| 2026-03-26 07:30:29+00:00 | seen | ... |
OSV-2026-461 UNKNOWN READ in XRef::constructObjectEntry
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=495914144 Crash type: UNKNOWN READ Crash state: XRef::constructObjectEntry XRef::constructXRef XRef::XRef...
PT-2026-28562
Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.7.0. Description: Ella Core, a 5G core designed for private networks, experiences a panic when processing a specifically crafted NGAP LocationReport message. An attacker capable of sending crafted NGAP messages to...
InvenTree SQL injection vulnerability
InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.6 contained a SQL injection vulnerability. This vulnerability stemmed from the report template...
PT-2026-28489
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 1.2.6; InvenTree versions 1.2.6 through 1.3.0. Description: InvenTree is an Open Source Inventory Management System. A path traversal issue exists in the report template engine, allowing a staff-level user to read...
CVE-2026-33912 OpenEMR has reflected XSS in ajax_download.php via reportID parameter
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....
@0xgraph/cli (>=0.0.1 <=0.2.1), @7speck/logger (>=1.0.2 <=1.0.3) +801 more potentially affected by CVE-2026-33532 via yaml (>=1.0.0 <=1.10.2)
yaml NPM version =1.0.0, =0.0.1, =1.0.2, =1.0.1, =0.0.1, =0.0.0-nightly-20240619-f62ef04, =1.8.29, =1.0.0, =10.1.0, =8.0.4, =7.4.0, =1.0.0, =0.0.10, =4.1.16, =1.0.3, =0.6.6, =0.12.8 and more Source cves: CVE-2026-33532 Source advisory: OSV:GHSA-48C2-RRV3-QJMP...
EUVD-2026-14496
AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...
NightOwl
NightOwl Advanced Penetration Testing Framework A modula...