54 matches found
EUVD-2026-26802
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...
PT-2026-32285
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2026-6129 zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The...
CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...
PT-2026-29327
Name of the Vulnerable Software and Affected Versions: SourceCodester Leave Application System version 1.0. Description: A file inclusion issue exists in SourceCodester Leave Application System. Exploitation involves manipulating the page argument, potentially allowing for remote code execution. The...
vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted:
- vantuz =3.3.2, =3.3.7
Source cves: unknown CVE
Source advisory: OSV:GHSA-8MF7-VV8W-HJR2...
CVE-2026-1161 pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting
A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used...
CVE-2026-1153 technical-laohu mpay cross-site request forgery
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
EUVD-2025-205685
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...
EUVD-2025-204020
A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...
CVE-2025-61132
creationtimestamp| type| source
---|---|---
2025-10-19 23:51:40+00:00| seen| https://gist.github.com/BrookeYangRui/94c3bee0c2cbc1ed81a21d4448550c21...
EUVD-2025-33773
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated remotely. The exploit is now public and m...
EUVD-2025-20426
Malicious code in bioql PyPI...
SUSE: Security Advisory (SUSE-SU-2025:03233-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-9753
A vulnerability was detected in Campcodes Online Hospital Management System 1.0. The affected element is an unknown function of the file /admin/patient-search.php of the component Patient Search Module. Performing manipulation of the argument Search by Name Mobile No results in cross site...
WordPress Advanced Custom Fields Pro Plugin < 6.4.3 HTML Injection Vulnerability
The WordPress plugin... CPE = "cpe:/a:advancedcustomfields:advancedcustomfieldspro"; if descriptio...
CVE-2025-45764
CVE-2025-45764 relates to jsrsasign v11.1.0, where the vulnerability described is a weakness due to weak encryption/cryptographic primitives. Multiple sources (NVD, CVE lists, RH advisory, PT-Security entry) confirm the issue but do not provide a confirmed fix version. The Red Hat entry notes mit...
CVE-2025-48952
creationtimestamp| type| source
---|---|---
2025-07-04 23:15:32+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114797506148304132
2025-07-07 19:39:48+00:00| published-proof-of-concept| https://t.me/TheDarkWebInformer/18826
2025-07-07 19:40:08+00:00| seen|...
CVE-2025-6871
creationtimestamp| type| source
---|---|---
2025-06-29 20:57:30+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19877
2025-06-30 00:44:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsrxds2ybu2r...
CVE-2025-23264
creationtimestamp| type| source
---|---|---
2025-06-24 15:47:03+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19360
2025-06-25 16:09:46+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3lsgyq5yoqk2j...