CVE-2026-41013

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

PT-2026-46976

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...

PT-2026-46967

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-47008

Name of the Vulnerable Software and Affected Versions code-projects Vehicle Management System version 1.0 Description An unrestricted file upload issue exists within the New Driver Registration Form component in the file 'newdriver.php'. A remote attacker can achieve this by manipulating the phot...

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

Open XDMoD 操作系统命令注入漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions 9.5.0 to 11.0.2 of Open XDMoD contain a vulnerability related to operating system command injection. This vulnerability allows attackers to remotely...

HAXCMS 代码问题漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from improper session termination, which could allow attackers to obtain valid tokens and gain persistent access to...

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...

PT-2026-46906

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

PT-2026-46965

Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows System Footprinting. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-46966

Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-47007

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

PT-2026-46974

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

HAX 操作系统命令注入漏洞

HAX is an open-source microsite developed by HAX The Web, managed using PHP as the backend. Versions of HAX prior to 26.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from an authenticated file overwrite vulnerability, which could allow...

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the saveFile endpoint’s validation mechanism, which does not distinguish between uppercase and lowercase file extensions...

SourceCodester Ship Ferry Ticket Reservation System 代码注入漏洞

The SourceCodester Ship Ferry Ticket Reservation System is an open-source booking system for ship tickets developed by SourceCodester. Version 1.0 of the SourceCodester Ship Ferry Ticket Reservation System has a code injection vulnerability. This vulnerability stems from improper handling of the...

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these vulnerabilities stem from improper handling of the UserAuthData parameter in the...

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. There were security vulnerabilities in HAX CMS PHP versions prior to 26.0.0. These vulnerabilities stemmed from an authentication-based local file inclusion vulnerability in the saveOutline endpoint, which could allow...

Code-Projects Vehicle Management System 代码问题漏洞

The Code-Projects Vehicle Management System is an open-source vehicle management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Management System has code-related vulnerabilities. These vulnerabilities stem from improper handling of parameters in the newdriver.php fil...

D-Link DWR-M920 操作系统命令注入漏洞

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the IMEIvalue parameter in the sub412DA0 function found in...