CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-3193

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /sendtransaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered...

CVE-2026-3192 Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The...

PT-2025-43865

Name of the Vulnerable Software and Affected Versions Kamailio version 5.5 Description A flaw exists in Kamailio that involves a use-after-free condition. This issue is located within the Configuration File Handler component, specifically in the sr push yy state function of the src/core/cfg.lex...

EUVD-2025-32446

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

PT-2025-32467 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos Litmus due to improper control of resource identifiers resulting from the manipulation of the projectID argument. This issue can be exploited...

PT-2025-32445 · Vsftpd +1 · Vsftpd +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...

Linux Distros Unpatched Vulnerability : CVE-2025-0447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML...

WordPress Photocart Link 1.6 Local File Inclusion

Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...

WordPress Plugin Photocart Link 1.6 - Local File Inclusion

Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...

UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: http://www.unit4.com/ Product: UNIT4 Prosoft HRMS Product site: http://www.unit4apac.com/products/prosofthrms Affected version: 8.14.230.47 Fixed version: 8.14.330.43 Credit: Jerold Hoong & Edric Teo PROOF OF CONCEPT The login page of UNIT4's Proso...

Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability

No description provided by source. Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x., CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...

Linux Kernel 2.6.38 Remote NULL Pointer Dereference

Linux Kernel 2.6.38 Remote NULL Pointer Dereference ==================================================== Advisory Information Title: Linux kernel 2.6.38: Remote NULL pointer dereference Release date: 11/05/2011 Last update: 11/05/2011 Credits: Aristide Fattori, Universitа degli Studi di Milano...

cpcommerce-bypass.txt

Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...

Social Engine 2.7 CRLF Injection + SQL injection

HACKATTACK Advisory 2008-11-20Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...