
90 matches found

RedhatCVE
added 2026/06/05 7:32 p.m., 8 views

CVE-2026-6180

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...

CVSS: 8.1, AI score: 5.4, EPSS: 0.00228
Exploits: 0, References: 1

Positive Technologies
added 2026/06/02 12:0 a.m., 12 views

PT-2026-46606

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: An inappropriate implementation in the FileSystem component allows a remote attacker who has already compromised the renderer process to bypass the same origin policy, which is a securi...

CVSS: 9.6, AI score: 5.9, EPSS: 0.00985
Exploits: 1, References: 437

Vulnrichment
added 2026/05/28 8:17 p.m., 11 views

CVE-2026-35277

...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00267
Exploits: 0, References: 1

Debian CVE
added 2026/05/26 9:29 p.m., 7 views

CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00574
Exploits: 0

Positive Technologies
added 2026/05/19 12:0 a.m., 13 views

PT-2026-42023

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00267
Exploits: 0, References: 4

CVE
added 2026/04/28 2:15 p.m., 10 views

CVE-2026-7283

SourceCodester Pharmacy Sales and Inventory System 1.0 exposes a SQL injection in /ajax.php?action=save_expired caused by manipulating the ID argument. The flaw is remote‑exploitable and is associated with CVE-2026-7283. Public exploit availability is noted in the reports. The connected documents...

CVSS: 5.8, AI score: 5.1, EPSS: 0.00263
Exploits: 0, References: 5

CVE
added 2026/04/28 6:51 a.m., 11 views

CVE-2024-54011

Technical details about CVE-2024-54011 are not publicly available in the provided documents. Monitor for updates.

CVSS: 5.3, AI score: 5.4, EPSS: 0.00226
Exploits: 0, References: 1

NVD
added 2026/04/13 4:16 p.m., 3 views

CVE-2026-6188

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=deletesales. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and...

CVSS: 7.5, EPSS: 0.00254
Exploits: 0, References: 5

RedhatCVE
added 2026/04/08 5:0 a.m., 4 views

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00495
Exploits: 0, References: 1

CNNVD
added 2026/03/02 12:0 a.m., 4 views

Pharmacy Point Of Sale System security vulnerability

The Pharmacy Point Of Sale System is a web-based application developed by Carlo Montero. It is used to help a pharmacy manage its sales transactions. Version 1.0 of the Pharmacy Point Of Sale System has a security vulnerability, which stems from an SQL injection vulnerability in the...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0047
Exploits: 1, References: 2

Debian CVE
added 2026/02/25 8:59 p.m., 3 views

CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planar_decompress_plane_rle writes into pDstData at (nYDst+y) * nDstStep + 4*nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

CVSS: 8.8, AI score: 5.7, EPSS: 0.00383
Exploits: 1

Debian CVE
added 2026/02/03 1:28 a.m., 5 views

CVE-2025-67482

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVSS: 6.3, AI score: 5.2, EPSS: 0.00291
Exploits: 0

CVE
added 2026/01/20 9:56 p.m., 20 views

CVE-2026-21982

CVE-2026-21982 affects Oracle VM VirtualBox Core in the Oracle Virtualization product. Affected versions are 7.1.14 and 7.2.4. The issue allows an unauthenticated attacker with access to the physical communication segment attached to the hardware running VirtualBox to compromise the software, pot...

CVSS: 7.5, AI score: 5.3, EPSS: 0.00227
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/09 9:33 a.m., 6 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

CVSS: 8.8, AI score: 7.2, EPSS: 0.0091
Exploits: 0, References: 1

CNNVD
added 2026/01/09 12:0 a.m., 4 views

Vivotek IP7137 operating system command injection vulnerability

The Vivotek IP7137 is an IP camera from China's Vivotek Communications Vivotek. An operating system command injection vulnerability exists in the Vivotek IP7137 version 0200a, which stems from improper cleanup of the parameter systemntpIt, and could lead to a command injection attack...

CVSS: 8.7, AI score: 7, EPSS: 0.01329
Exploits: 0, References: 1

CVE
added 2025/12/18 8:2 p.m., 9 views

CVE-2025-14889

Campcodes Advanced Voting Management System 1.0 is affected. The vulnerability lies in the Password Handler’s unknown function within /admin/voters_edit.php where manipulating the ID parameter causes improper authorization. The issue is remotely exploitable and the exploit has been publicly relea...

CVSS: 6.3, AI score: 5.4, EPSS: 0.00244
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2025/11/17 12:0 a.m., 4 views

PT-2025-47147

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Voting System version 1.0. Description: A security flaw exists in itsourcecode Online Voting System version 1.0. The issue involves SQL injection stemming from manipulation of the ID argument within the file...

CVSS: 6.5, AI score: 7, EPSS: 0.0027
Exploits: 1, References: 8

EUVD
added 2025/11/03 4:32 a.m., 4 views

EUVD-2025-37471

A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing manipulation of the argument Password can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00389
Exploits: 1, References: 6

EUVD
added 2025/10/08 4:32 p.m., 3 views

EUVD-2025-33299

A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donateblood.php. Executing manipulation of the argument fullname can lead to SQL injection. The attack may be...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00359
Exploits: 1, References: 5

Positive Technologies
added 2025/10/07 12:0 a.m., 3 views

PT-2025-41136

Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel and Lodge Management System version 1.0. Description: A flaw exists in SourceCodester Hotel and Lodge Management System 1.0. The issue involves SQL injection, potentially exploitable remotely, stemming from manipulation of t...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00316
Exploits: 1, References: 9