1883 matches found
CVE-2026-14775 SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...
PT-2026-55832
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...
CVE-2026-14654
A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...
CVE-2026-14654
A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...
CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection
A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...
CVE-2026-14654
CVE-2026-14654 concerns an SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0. The flaw affects an unknown function in the file /admin/girlsproductdeletequery.php where manipulating the user_id argument enables injection. The vulnerability can be exploited remotely and the e...
CVE-2026-14653 SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql injection
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-14653
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-14653
SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...
PT-2026-55733
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...
PT-2026-54922
Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
Summary of CVE-2026-4360 (mode C) The issue concerns Python’s tarfile TarFile.extract() where the filter parameter is not correctly applied when extracting hardlinks. The vulnerability can allow an affected system that processes tar files from untrusted sources to write files with an unexpected u...
DEBIAN-CVE-2026-58302
rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...
PT-2026-53894
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...
CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-13482
CVE-2026-13482 affects skypilot-org/skypilot
CVE-2026-49413
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...
CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...