Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5101 Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WordPress GutenBee – Gutenberg Blocks plugin <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GutenBee versions = 2.20.1...

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

CVE-2026-10237 SourceCodester Water Billing Management System User Management manage_user sql injection

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

EUVD-2026-33582

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

CVE-2026-10237 SourceCodester Water Billing Management System User Management manage_user sql injection

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

CVE-2026-10237

CVE-2026-10237 affects SourceCodester Water Billing Management System 1.0. The vulnerability is an SQL injection in the User Management Module, exploitable by manipulating the ID argument in the /admin/?page=user/manage_user endpoint. The issue is remote and can be exploited with the exploit publ...

CVE-2026-10236

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

EUVD-2026-33579

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-10236

Technical details about CVE-2026-10236 are not publicly available in the provided documents. Monitor for updates from authoritative sources for affected components, vulnerable files, and remediation steps.

EUVD-2026-33572

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

CVE-2026-10227 raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...