276238 matches found
PT-2026-6911
Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in the processing of the /admin/message/search.php file within the software. Manipulating the term argument can result in SQL injection. This issue can be exploite...
PT-2026-6936
Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through...
PT-2026-6903
Name of the Vulnerable Software and Affected Versions D-Link DWR-M921 version 1.1.50 Description A security issue exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the USSD Configuration component, specifically within the sub 419F20 function of the...
PT-2026-6907
Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in SourceCodester Online Class Record System 1.0. The issue is related to the manipulation of the user email argument within the file '/admin/login.php', leading t...
CVE-2020-37109 aSc TimeTables 2020.11.4 - Denial of Service
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and...
CVE-2026-25791
creationtimestamp| type| source ---|---|--- 2026-02-06 22:41:59+00:00| published-proof-of-concept| https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp 2026-02-09 21:20:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meheu7qmj72g 2026-02-09...
Exploit for CVE-2025-2304
CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...
CVE-2025-15320 Tanium addressed a denial of service vulnerability in Tanium Client.
Tanium addressed a denial of service vulnerability in Tanium Client...
Claude Code has Permission Deny Bypass Through Symbolic Links
Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...
CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25752
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...
CVE-2026-24419
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
Malicious code in @hashicorp-internal/vault-reporting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85e2c508de22734977cac24ec430b5cfece85e6367f577df76caa740b5594eb7 The package @hashicorp-internal/vault-reporting was found to contain malicious code. Source: ghsa-malware...
Vulnerability fixed in Cisco TelePresence Collaboration Endpoint
Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The vulnerability is in how the text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service DoS and affecti...
Malicious code in adobe_pipeline_test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e438937c9c04fd06645a505f5bd509ee3c1fa942be02cefa881023f849b781 The package adobepipelinetest was found to contain malicious code...
CVE-2025-70073
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...