CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

Revive Adserver: Banner status override by advertiser‑level users

A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...

EUVD-2026-22977

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

Code-Projects Simple ChatBox SQL注入漏洞

Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the msg parameter in the...

EUVD-2026-15553

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2026-27068

CVE-2026-27068 describes a Reflected XSS in the WordPress plugin Website LLMs.txt (versions n/a through <= 8.2.6). The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting when user-supplied data is reflected. Several connected sources (N...

CVE-2026-29521 Hereta ETH-IMC408M CSRF via Configuration Setup

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...

CVE-2026-4209 D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-27485

Summary (concrete details): CVE-2026-27485 affects OpenClaw’s npm package, specifically the packaging helper script under skills/skill-creator/scripts/package_skill.py. The vulnerability arises when the script, run on a crafted local skill directory, follows symlinks to files outside the skill ro...

CVE-2026-2550 EFM iptime A6004MX timepro.cgi commit_vpncli_file_upload unrestricted upload

A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commitvpnclifileupload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was...

WAVLINK WL-WN579A3 命令注入漏洞

The WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The Wavlink WL-WN579A3 versions prior to 20210219 have a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter SSID2G2 in the function...

CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2026-24149

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2025-67630 WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through = 1.0.2...

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting XSS vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVE-2025-63645

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering...