CVE-2026-7817 vulnerabilities

Vulnerabilities for packages: pgadmin4...

CVE-2026-9627

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

EUVD-2026-32030

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

Fortinet FortiOS - Credentials Disclosure

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a...

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

CVE-2026-9607

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

GHSA-P2RJ-MRMC-9W29 Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints

Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...

CVE-2026-9607 itsourcecode Courier Management System parcel_list.php sql injection

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-9607 itsourcecode Courier Management System parcel_list.php sql injection

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-9607

Itsourcecode Courier Management System 1.0 contains a SQL injection in /parcel_list.php triggered by manipulating the s argument. This is exploitable remotely over the network with low privileges and no user interaction, per the published CVE details. The connected documents confirm an in-the-wil...

EUVD-2026-32026

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-45983

nfsd: never defer requests during idmap lookup...

CVE-2026-45975

ublk: use READONCE to read struct ublksrvctrlcmd...

WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file/manageuser.php,...

MB Connect Line mbNET和MB Connect Line mbNET.mini 操作系统命令注入漏洞

MB Connect Line mbNET and MB Connect Line mbNET.mini are both products of the German company MB Connect Line. MB Connect Line mbNET is an industrial router. MB Connect Line mbNET.mini is a remote access router. Both MB Connect Line mbNET and MB Connect Line mbNET.mini have operating system comman...

PT-2026-43694

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs mount options leak in ntfs fill super In ntfs fill super, the fc-fs private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs fs free to skip freeing...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the gfs2 file system’s gfs2fillsuper function. The improper handling of this function, particular...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient boundary checking in the checkxattrs function of the ext4 file system. This...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of scsi sd during the deviceadd process, resulting in the failure to call putdisk. Th...