CVE-2026-9544

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

CVE-2026-9477

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

CVE-2026-9475

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...

CVE-2026-9377

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-9356

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

CVE-2026-9352

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function makerunenv of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched...

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-27964

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting XSS vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...

CVE-2026-8766

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

CVE-2026-44547

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

CVE-2026-0541

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

CVE-2026-28913

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

CVE-2021-47945

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

CVE-2026-27097

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...

CVE-2026-29000

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

CVE-2024-57040

TP-Link TL-WR845N devices with firmware TL-WR845NUNV4200909 and TL-WR845NUNV4190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has...

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2024-50302

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let’s zero-initialize it during allocation to make sure that it can’t be ever used to leak kernel memory via...

CVE-2024-11120

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter...

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. Recent assessments: gwillcox-r7 at May 10, 2023 5:31pm UTC reported: This is a...

CVE-2022-30275

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2022-22975

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name CN of their user entry on the LDAP or AD server to include special characters, which could be used ...

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

CVE-2021-46456

D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl0.0maclist parameter...

CVE-2022-0273

Improper Access Control in Pypi calibreweb prior to 0.6.16...

CVE-2021-40407

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This...

CVE-2022-0090

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...

CVE-2021-44207

Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Online Leave Management System SQL-Injection-Bypass-Authentication

Description: The OLMS – PHP by: oretnom23 v1.0 is vulnerable in the application /leavesystem/classes/Login.php from SQL-Injection-Bypass-Authentication m0re info: . The parameter username from the login form is not protected correctly and there is no security and escaping from malicious payloads...

CVE-2021-21431

sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...

CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Recent assessments: wvu-r7 at November 02, 2021 7:12pm UTC reported: See the other topic. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

PoC for high-entropy ASLR bypass via MemoryProtector

high-entry ASLR Bypass Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: ASLR Bypass, vendor says they would fix in next versions. Assessed Attacker Value: 2 Assessed Attacker Value: 2Assessed Attacker Value: 1...

Oracle Beehive prepareAudioToPlay() Function Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Oracle Beehive suffers from a vulnerability tha...

CVE-2018-15142

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed...

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...