15 matches found
CVE-2026-46392
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...
de.digitalcollections.cudami:dc-cudami-server-backend-jdbi (>=6.0.0 <=8.0.3-RC1), de.digitalcollections.cudami:dc-cudami-server-webapp (>=6.0.0 <=6.2.3) +2 more potentially affected by unknown CVE via org.jdbi:jdbi3-freemarker (>=3.30.0 <=3.52.0)
org.jdbi:jdbi3-freemarker MAVEN version =3.30.0, =6.0.0, =6.0.0, =9.0.0, =3.49.4, =3.52.0 Source cves: unknown CVE Source advisory: OSV:GHSA-MGGX-P7JF-JGW4...
EUVD-2026-19186
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
CVE-2026-4992
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
CVE-2026-5002 PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The attack may be performed fr...
EUVD-2026-16898
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
CVE-2025-23334
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure...
CVE-2021-25275
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...
RHEL 8 : pcp (RHSA-2024:3322)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...
Important: Red Hat Security Advisory: pcp security update
An update for pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2023-43762
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server backend. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15...
PT-2023-16203 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 (affected versions not specified). Description: The issue concerns command injection in the device phone-book contacts functionality of the Akuvox E11 web server backend library. This could allow an attacker to upload files with...
varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server t...
Weak Password Vulnerability in WIFI Industrial Router F5936 at Xiamen Sihsin Communication Technology Co.
WIFI Industrial Router F5936 is an industrial-grade WIFI router. A weak password vulnerability exists in WIFI Industrial Router F5936 of Xiamen Sihsin Communication Technology Co. An attacker can use the vulnerability to log into the server backend and obtain sensitive information...
Weak Password Vulnerability in V2.3 Copy Management Server of Hangzhou Hikvision Digital Technology Co.
Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision) is a video-centered intelligent IoT solution and big data service provider. A weak password vulnerability exists in the Hikvision Digital Technology Co., Ltd. share management server V2.3, which can be exploited by an attacker to...