Lucene search

38328 matches found

Positive Technologies
added 2026/04/13 12:0 a.m. | 3 views

PT-2026-32338

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view category.php...

AI score: 5.8 | EPSS: 0.00225
Exploits: 1 | References: 2
CNNVD
added 2026/04/13 12:0 a.m. | 4 views

ChurchCRM input validation error vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from redirect links, which could cause authenticated users to be redirected to any URL specified by the...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00269
Exploits: 0 | References: 3
CNNVD
added 2026/04/13 12:0 a.m. | 5 views

ImageMagick numeric error vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-189 and 6.9.13-44 contained a numerical error vulnerability. This vulnerability stemmed from the...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00428
Exploits: 0 | References: 5
CNNVD
added 2026/04/13 12:0 a.m. | 6 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

CVSS: 2.7 | AI score: 5.9 | EPSS: 0.0019
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/13 12:0 a.m. | 6 views

PT-2026-32349

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A divide-by-zero error exists in the rtsc_min function within the concave-curve intersection path. The m2sm function converts a u32 slope to a u64 scaled value; for large inputs, this...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00115
Exploits: 0 | References: 36
CNNVD
added 2026/04/13 12:0 a.m. | 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a zero-division error in the rtsc_min function of the sch_hfsc module, potentially leading to a...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00115
Exploits: 0 | References: 6
CVE
added 2026/04/13 12:0 a.m. | 3 views

CVE-2026-36950

Sourcecodester Online Thesis Archiving System v1.0 is affected by a SQL injection vulnerability in /otas/projects_per_department.php. The CVE-2026-36950 entry identifies the affected component and the underlying issue is an injectable SQL condition, leading to potential disclosure or manipulation...

CVSS: 2.7 | AI score: 5.9 | EPSS: 0.00186
Exploits: 0 | References: 1
CNNVD
added 2026/04/13 12:0 a.m. | 4 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

CVSS: 2.7 | AI score: 5.9 | EPSS: 0.00284
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/13 12:0 a.m. | 4 views

PT-2026-32346

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The bridge MRP component fails to validate user-supplied interval values from netlink in the br_mrp_start_test, br_mrp_start_in_test, and br_mrp_start_in_test_parse functions. When an...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00091
Exploits: 0 | References: 33
Amazon
added 2026/04/13 12:0 a.m. | 6 views

Medium: mod_security_crs

Issue Overview: Whitespace padding in filenames bypasses file upload extension checks. NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691. Affected Packages: mod_security_crs. Issue Correction: Run dnf update mod_security_crs --releasever...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01025
Exploits: 0
CNNVD
added 2026/04/13 12:0 a.m. | 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unhandled zero-test interval. This vulnerability may lead to memory exhaustion and kernel...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00091
Exploits: 0 | References: 2
UbuntuCve
added 2026/04/13 12:0 a.m. | 1 views

CVE-2026-31420

In the Linux kernel, the following vulnerability has been resolved: "bridge: mrp: reject zero test interval to avoid OOM panic". br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied interval value from netlink without validation. When interval is 0, usecs_to_jiffies(0) yields 0, causing the...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00091
Exploits: 0 | References: 2
CNNVD
added 2026/04/13 12:0 a.m. | 5 views

SourceCodester Online Thesis Archiving System security vulnerability

The SourceCodester Online Thesis Archiving System is an open-source online thesis archiving system developed by SourceCodester. Version 1.0 of the Sourcecodester Online Thesis Archiving System contains a security vulnerability, which stems from a SQL injection vulnerability in the...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00169
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min(). m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^3...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00115
Exploits: 0 | References: 3
CVE
added 2026/04/12 5:36 a.m. | 41 views

CVE-2026-31413

CVE-2026-31413 — Linux kernel BPF verifier flaw (CVE-joined info from multiple sources). The issue arises in maybe_fork_scalars() when handling ARSH plus AND/OR with a constant in the BPF verifier. The code forks the verifier state; the pushed path previously used env->insn_idx + 1, so it re-ex...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00221
Exploits: 2 | References: 4 | Affected Software: 1
OSV
added 2026/04/12 3:30 a.m. | 10 views

GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00263
Exploits: 1 | References: 7
ATTACKERKB
added 2026/04/12 2:22 a.m. | 3 views

CVE-2026-1116

A Cross-site Scripting (XSS) vulnerability was identified in the from_dict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.00258
Exploits: 1 | References: 3
CNNVD
added 2026/04/12 12:0 a.m. | 4 views

Victor CMS SQL injection vulnerability

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability, which stems from insufficient input validation for the catid parameter in the category.php file. This vulnerability may lead to SQL injection...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00413
Exploits: 1 | References: 3
OSV
added 2026/04/11 2:3 p.m. | 3 views

OESA-2026-1835 nodejs-brace-expansion security update

Brace expansion as known from sh/bash. Security Fixes: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., {1..2..0}) causes the sequence generation loop to run...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0043
Exploits: 0 | References: 2
Snyk
added 2026/04/11 3:30 a.m. | 8 views

Command Injection

Overview: aws-mcp is an AWS Model Context Protocol Server. Affected versions of this package are vulnerable to Command Injection via improper validation of user-supplied input in the allowed commands process. An attacker can execute arbitrary system commands by supplying crafted input that is used ...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01908
Exploits: 1 | References: 2