184508 matches found
PT-2026-55764
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /patientorder.php endpoint. The issue occurs when the editid variable is manipulated, allowing an attacker to execute arbitrary SQL commands o...
PT-2026-55814
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Event Management Page component within the file /admin/add event.php. Remote manipulation of the fdetails argument allows for SQL injection, a technique...
PT-2026-55769
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp token causes missing authentication. The attack may be initiat...
PT-2026-55823
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit exam1.php file where a manipulation of the ID argument can lead to SQL injection, a technique used to interfere with the queries that an...
PT-2026-55819
Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...
PT-2026-55833
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An unrestricted upload flaw exists within the Filename Extension component. The issue resides in the pathinfo function of the /upload files.php endpoint, whe...
PT-2026-55765
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...
PT-2026-55835
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description Improper authorization occurs in the Enrollment Management component within the /ajax enroll.php endpoint. A remote attacker can manipulate the student id,...
PT-2026-55756
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit...
PT-2026-55788
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...
PT-2026-55794
Name of the Vulnerable Software and Affected Versions cve-search affected versions not specified Description An unauthenticated improper input validation issue exists in the 'POST /fetch cve data' endpoint. A remote attacker can manipulate request parameters that control the MongoDB collection,...
PT-2026-55799
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description An authorization bypass exists in the Note Handler/Assignment Handler component within the /PHP/objects/notes file. A remote attacker can trigger this issu...
PT-2026-55827
Name of the Vulnerable Software and Affected Versions CrawlWP SEO versions prior to 3.0.17 Description A Cross-Site Request Forgery CSRF flaw exists in the CrawlWP SEO plugin. This issue allows an attacker to induce a victim into performing unwanted actions on the affected application...
PT-2026-55749
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicate results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...
PT-2026-55793
Name of the Vulnerable Software and Affected Versions AIAnytime Awesome-MCP-Server versions up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab Description A flaw in the mcp-wiki/wiki-summary component, specifically within the mcp-wiki/src/mcp wiki/server.py file, allows for server-side request forger...
PT-2026-55818
Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0 Description An issue exists in the POST Parameter Handler component within the file /apartment-visitor/search-result.php. The manipulation of the searchdata parameter allows for remote...
PT-2026-55775
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...
PT-2026-55798
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote cross-site scripting issue exists due to improper manipulation of the argument reference within the add definition function located in the...
PT-2026-55750
Name of the Vulnerable Software and Affected Versions itsourcecode Online Hotel Management System version 1.0 Description A remote SQL injection is possible via the manipulation of the email argument within an unknown function of the '/admin/login.php' endpoint. SQL injection is a technique where...
PT-2026-55809
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A heap-based buffer overflow occurs in the RBinJava Line Number Table Parser component within the r bin java inner classes attr calc size function located in the shlr/java/class.c file. Thi...
PT-2026-55777
Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0 Description An issue exists in an unknown functionality that allows a remote attacker to cause session expiration. Recommendations At the moment, there is no information about a newer...
PT-2026-55747
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolves to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produces no visible output. The...
PT-2026-55826
Name of the Vulnerable Software and Affected Versions FormLayer versions prior to 1.0.7 Description An issue in Softaculous FormLayer allows for the insertion of sensitive information into sent data, which can lead to the retrieval of embedded sensitive data. Recommendations Update FormLayer to...
PT-2026-55772
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the org.keycloak.broker.oidc package causes the OIDC broker to incorrectly synchronize the email verified claim. When an OIDC identity provider is configured with trustEmail=true a...
PT-2026-55821
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description Remote SQL injection is possible due to improper processing of the Bankname variable within the '/pay.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL...
PT-2026-55768
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm order. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
PT-2026-55796
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote SQL injection occurs due to the improper handling of the Password argument within the Notes controller::accessing dictionary authorization functio...
PT-2026-55757
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possibl...
PT-2026-55801
Name of the Vulnerable Software and Affected Versions Pardus Domain Joiner versions 0.5.2 through 0.5.3 Description A flaw in the software allows the invocation of a process using visible sensitive information, which can lead to excavation of data. Recommendations Update Pardus Domain Joiner to...
PT-2026-55808
Name of the Vulnerable Software and Affected Versions Pardus Update versions 0.6.3 through 0.6.5 Description A missing authorization issue in the TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows for privilege escalation, which occurs when a user can gain higher levels ...
PT-2026-55785
Name of the Vulnerable Software and Affected Versions Hanwang e-Face General Management Platform version 6.3.5.4 Description A SQL injection issue exists in the /sysAuthStr/querySysAuthStr.do endpoint. This occurs when the manipulation of the argument order allows a remote attacker to execute...
PT-2026-55806
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the core anal bytes function within the libr/core/cmd anal.inc file. This issue requires local access to be exploited. Recommendations Install the available...
PT-2026-55760
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...
PT-2026-55807
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the hexpairs Parser component within the cmd anal opcode function located in the libr/core/cmd anal.inc.c file. This issue requires local access to be exploite...
PT-2026-55734
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/girlsproductdeletequery.php file where improper handling of the user id variable allows for remote SQL injection. SQL injection is a...
PT-2026-55661
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...
PT-2026-55735
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description A remote cross-site scripting issue exists in the admin/view-users.php file. This occurs when the User argument is manipulated, allowing an attacker to execute malicious scripts in th...
PT-2026-55729
Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A flaw in the UTF-8 Character Handler component allows local execution of a manipulation that can lead to a denial of service. The issue resides in the grass compiler::raw to parse error...
PT-2026-55731
Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A local manipulation of the grass compiler::selector::extend/grass compiler::evaluate::visitor function can lead to a denial of service. This occurs because the @extend algorithm is...
PT-2026-55676
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious function calls to torch.utils.bottleneck. main .run cprofile within pickle files. This flaw allows remote attackers to bypass safety checks by embedding...
PT-2026-55743
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack c...
PT-2026-55721
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
PT-2026-55682
Name of the Vulnerable Software and Affected Versions n8n affected versions not specified Description The Execute Command node allows authenticated users to execute arbitrary commands on the host system where the application is running. Users with valid access or compromised credentials can...
PT-2026-55706
Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.2.3 Description A flaw in the Parameter Handler component allows a remote attacker to cause a divide by zero error. This issue occurs within the read, write, and sys ioctl functions located in the components/lwp/l...
PT-2026-55722
Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An issue exists that allows remote SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This occurs via the c name variable within the...
PT-2026-55695
Name of the Vulnerable Software and Affected Versions HestiaCP affected versions not specified Description The panel cronjob feature contains a broken access control flaw. This allows users with low privileges to modify the panel cronjob to execute HestiaCP management scripts using passwordless...
PT-2026-55670
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious pickle files that exploit the torch. dynamo.guards.GuardBuilder.get function within reduce methods. This allows attackers to craft pickle files containing...
PT-2026-55712
Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions prior to de1c9e73ccf3bd032d9a0525c4752290d959dd8b Description A path traversal issue exists in the Vendor Image Manager component. A remote attacker can exploit this by manipulating the fold...
PT-2026-55709
Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions prior to 49b20f53de2b7ec34e920b11c863f1491d911a04 Description A cross site scripting issue exists in the Hidden REST API Endpoint component. A remote attacker can exploit this by manipulatin...
PT-2026-55726
Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.22.0 Description A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19 function located in the onnx/defs/nn/old.cc file. Recommendations...