121619 matches found
CVE-2026-5642
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...
CVE-2026-5642 Cyber-III Student-Management-System HTTP POST Request update.php improper authorization
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...
CVE-2026-5642
Cyber-III Student-Management-System is affected up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f. The vulnerability lies in the HTTP POST Request Handler for /viva/update.php where manipulating the argument Name causes improper authorization. It can be initiated remotely and an exploit has b...
Server-side Request Forgery (SSRF)
Overview gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ws Endpoint component when processing the sourceurls argument. An attacker can access...
CVE-2026-31409 ksmbd: unset conn->binding on failed binding request
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding = true but never clears it on the error path. This leaves the connectio...
EUVD-2026-19164
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...
CVE-2026-5623
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...
EUVD-2026-19144
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
CVE-2026-5607
CVE-2026-5607 affects imprvhub mcp-browser-agent up to 0.8.0. The vulnerability resides in URL Parameter Handler’s CallToolRequestSchema within src/handlers.ts where manipulating request.params.name/request.params.arguments enables server-side request forgery. Public exploit disclosure and remote...
PT-2026-30605
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...
is-localhost-ip 2.0.0 - SSRF
Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...
ASP.net 8.0.10 - Bypass
Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CVE: CVE-2025-55315 Tested on: .NET Kestrel unpatched - ASP.NET Core on localhost lab environment Platform: remote Type...
PT-2026-30515
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.1.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of upper limit validation for the n parameter in the...
VulnCheck KEV: CVE-2023-49606
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...
📄 ASP.net 8.0.10 HTTP Request Smuggling / Authentication Bypass
ASP.net version 8.0.10 suffers from HTTP request smuggling, bypass, and server-side request forgery vulnerabilities. Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CV...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to clear the binding state after a binding request fails, potentially leading to session...