276236 matches found
PT-2026-7183
Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 through 1.2.10 Description FUXA is a web-based Process Visualization software used in SCADA/HMI/Dashboard systems. An authorization bypass allows a remote, unauthenticated attacker to create and modify schedulers. This can...
PT-2026-7126
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...
PT-2026-7110
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
FUXA 安全漏洞
FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA prior to 1.2.11 contained security vulnerabilities. These vulnerabilities were due to defects in the path cleaning logic, which could allow authenticated administrators to bypass directory traversal...
📄 Online Admission Software 2.6 SQL Injection
Online Admission Software version 2.6 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 SQL injection Vulnerabilit...
my little forum 代码问题漏洞
My Little Forum is an open-source online forum system based on PHP and MySQL. Versions prior to 20260208.1 had code vulnerabilities; these vulnerabilities stemmed from URL validation not filtering the phar protocol, which could lead to arbitrary file deletion...
Linux Distros Unpatched Vulnerability : CVE-2025-14831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially...
CVE-2026-2135
A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...
CVE-2026-2207
A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...
CVE-2026-2118
A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument IspName can lead to command injection. The attack can be launched remotely. The...
PT-2026-6976
Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 related to cross site scripting. The iss...
PT-2026-7014
Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816 Description A flaw exists in the doSystem function within the /goform/setSysAdm file. Manipulation of the passwd1 argument can result in command injection. This issue may be exploited remotely. The exploit is...
CVE-2026-25859
Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-25751
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
EUVD-2026-5733
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...
[SECURITY] Fedora 42 Update: bind-9.18.44-1.fc42
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
SoK: DARPA'S AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned
DARPA's AI Cyber Challenge AIxCC, 2023--2025 is the largest competition to date for building fully autonomous cyber reasoning systems CRSs that leverage recent advances in AI -- particularly large language models LLMs -- to discover and remediate vulnerabilities in real-world open-source software...
PT-2026-6936
Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through...
PT-2026-6903
Name of the Vulnerable Software and Affected Versions D-Link DWR-M921 version 1.1.50 Description A security issue exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the USSD Configuration component, specifically within the sub 419F20 function of the...