
14725 matches found

CNNVD
added 2026/03/03 12:0 a.m. | 3 views

SourceCodester Logistic Hub Parcel Management System security vulnerability

SourceCodester Logistic Hub Parcel Management System is a simple web-based open-source application project developed by SourceCodester. Its main purpose is to provide an automated platform for logistics centers to manage and track package records. Version 1.0 of the SourceCodester Logistic Hub...

7.2 CVSS | 5.9 AI score | 0.00268 EPSS
Exploits: 1 | References: 1

NVD
added 2026/03/02 7:16 p.m. | 8 views

CVE-2026-26710

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php...

9.8 CVSS | 0.00337 EPSS
Exploits: 1 | References: 1

NVD
added 2026/03/02 5:16 p.m. | 3 views

CVE-2026-26700

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/editemployee.php...

9.8 CVSS | 0.00391 EPSS
Exploits: 1 | References: 1

The Hacker News
added 2026/03/02 11:55 a.m. | 10 views

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server cos...

6.1 AI score
Exploits: 0

ATTACKERKB
added 2026/03/02 12:0 a.m. | 4 views

CVE-2026-26702

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...

9.8 CVSS | 6 AI score | 0.00553 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/27 9:52 p.m. | 5 views

CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

9.8 CVSS | 6 AI score | 0.00593 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/02/26 2:3 a.m. | 5 views

CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-site scripting (XSS) vulnerability in the Angular internationalization (i18n) pipeline. In ICU messages...

7.6 CVSS | 6.3 AI score | 0.00432 EPSS
Exploits: 0 | References: 7

NVD
added 2026/02/26 12:16 a.m. | 5 views

CVE-2026-27633

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header (e.g.,...

8.7 CVSS | 0.00436 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Manyfold code issue vulnerability

Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.0 had code-related vulnerabilities; these vulnerabilities were caused by Cookie leaks in the proxy cache, which could lead to session hijacking...

6.8 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits: 1 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

PcVue security vulnerability

PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in industries such as building management and park management. Versions 12.0.0 to 16.3.3 of PcVue contain security...

6.5 CVSS | 5.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

OSV
added 2026/02/25 11:16 p.m. | 3 views

CVE-2026-27933 Manyfold vulnerable to session hijack via cookie leakage in proxy caches

Manyfold is an open source, self-hosted web application for managing a collection of 3D models, particularly focused on 3D printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue...

6.8 CVSS | 5.5 AI score | 0.00262 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/02/25 11:7 p.m. | 5 views

EUVD-2026-8765

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header (e.g.,...

8.7 CVSS | 5.7 AI score | 0.00436 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/25 11:7 p.m. | 4 views

CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header (e.g.,...

8.7 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/02/25 10:58 p.m. | 6 views

CVE-2026-27613

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

10 CVSS | 6.4 AI score | 0.00748 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/02/25 7:28 p.m. | 4 views

CVE-2026-25138 Rucio WebUI has Username Enumeration via Login Error Message

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3 CVSS | 5.4 AI score | 0.00327 EPSS
Exploits: 1 | References: 5

EUVD
added 2026/02/25 3:44 a.m. | 4 views

EUVD-2026-8613

Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting (XSS) vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives ({!! !!}) in display templates. An authenticated user with the User...

8.5 CVSS | 5.6 AI score | 0.00279 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/02/25 12:0 a.m. | 4 views

OliveTin operating system command injection vulnerability

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin 300.10.0 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from insufficient shell mode security checks, which may allow unvalidated remote code execution...

9.9 CVSS | 6.2 AI score | 0.00448 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 5 views

PT-2026-22039

Name of the Vulnerable Software and Affected Versions: TinyWeb versions prior to 2.02. Description: TinyWeb is a web server written in Delphi for Win32. Versions prior to 2.02 are susceptible to a Denial of Service (DoS) condition caused by memory exhaustion. An unauthenticated remote attacker can sen...

8.7 CVSS | 6 AI score | 0.00436 EPSS
Exploits: 0 | References: 11

Packet Storm
added 2026/02/24 12:0 a.m. | 126 views

Tattile Cameras 1.181.5 Insufficient Token Expiration

Tattile Cameras version 1.181.5 suffers from insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or tokens for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse...

9.8 CVSS | 5.6 AI score | 0.00716 EPSS
Exploits: 3

RedhatCVE
added 2026/02/23 7:25 p.m. | 3 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8 CVSS | 5.7 AI score | 0.00232 EPSS
Exploits: 0 | References: 1