184569 matches found
PT-2026-55791
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description A remote SQL injection exists in the /addprojectrent.php file. The issue occurs when the amen variable is manipulated, allowing an attacker to execute arbitrary SQL commands on the...
PT-2026-55825
Name of the Vulnerable Software and Affected Versions Exclusive Addons Elementor versions prior to 2.7.10 Description An issue involving the insertion of sensitive information into sent data allows for the retrieval of embedded sensitive data. Recommendations Update Exclusive Addons Elementor to...
PT-2026-55818
Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0 Description An issue exists in the POST Parameter Handler component within the file /apartment-visitor/search-result.php. The manipulation of the searchdata parameter allows for remote...
PT-2026-55775
A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...
PT-2026-55798
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote cross-site scripting issue exists due to improper manipulation of the argument reference within the add definition function located in the...
PT-2026-55750
Name of the Vulnerable Software and Affected Versions itsourcecode Online Hotel Management System version 1.0 Description A remote SQL injection is possible via the manipulation of the email argument within an unknown function of the '/admin/login.php' endpoint. SQL injection is a technique where...
PT-2026-55809
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A heap-based buffer overflow occurs in the RBinJava Line Number Table Parser component within the r bin java inner classes attr calc size function located in the shlr/java/class.c file. Thi...
PT-2026-55777
Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0 Description An issue exists in an unknown functionality that allows a remote attacker to cause session expiration. Recommendations At the moment, there is no information about a newer...
PT-2026-55747
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolves to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produces no visible output. The...
PT-2026-55826
Name of the Vulnerable Software and Affected Versions FormLayer versions prior to 1.0.7 Description An issue in Softaculous FormLayer allows for the insertion of sensitive information into sent data, which can lead to the retrieval of embedded sensitive data. Recommendations Update FormLayer to...
PT-2026-55776
A vulnerability was determined in AD-Security AD Miner 1.9.0. Affected is the function request a of the file ad miner/scripts/analyse cache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull...
PT-2026-55781
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit coursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...
PT-2026-55764
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /patientorder.php endpoint. The issue occurs when the editid variable is manipulated, allowing an attacker to execute arbitrary SQL commands o...
PT-2026-55823
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit exam1.php file where a manipulation of the ID argument can lead to SQL injection, a technique used to interfere with the queries that an...
PT-2026-55835
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description Improper authorization occurs in the Enrollment Management component within the /ajax enroll.php endpoint. A remote attacker can manipulate the student id,...
PT-2026-55810
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A use after free issue exists in the regprofile Handler component within the r core seek arch bits function of the libr/core/disasm.c file. A use after free occurs when a program continues ...
PT-2026-55819
Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...
PT-2026-55833
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An unrestricted upload flaw exists within the Filename Extension component. The issue resides in the pathinfo function of the /upload files.php endpoint, whe...
PT-2026-55765
A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could ...
PT-2026-55756
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit...
PT-2026-55788
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...
PT-2026-55794
Name of the Vulnerable Software and Affected Versions cve-search affected versions not specified Description An unauthenticated improper input validation issue exists in the 'POST /fetch cve data' endpoint. A remote attacker can manipulate request parameters that control the MongoDB collection,...
PT-2026-55799
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description An authorization bypass exists in the Note Handler/Assignment Handler component within the /PHP/objects/notes file. A remote attacker can trigger this issu...
PT-2026-55827
Name of the Vulnerable Software and Affected Versions CrawlWP SEO versions prior to 3.0.17 Description A Cross-Site Request Forgery CSRF flaw exists in the CrawlWP SEO plugin. This issue allows an attacker to induce a victim into performing unwanted actions on the affected application...
PT-2026-55749
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicate results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...
PT-2026-55806
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the core anal bytes function within the libr/core/cmd anal.inc file. This issue requires local access to be exploited. Recommendations Install the available...
PT-2026-55760
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...
PT-2026-55807
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the hexpairs Parser component within the cmd anal opcode function located in the libr/core/cmd anal.inc.c file. This issue requires local access to be exploite...
PT-2026-55772
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the org.keycloak.broker.oidc package causes the OIDC broker to incorrectly synchronize the email verified claim. When an OIDC identity provider is configured with trustEmail=true a...
PT-2026-55768
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm order. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
PT-2026-55796
Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote SQL injection occurs due to the improper handling of the Password argument within the Notes controller::accessing dictionary authorization functio...
PT-2026-55757
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possibl...
PT-2026-55801
Name of the Vulnerable Software and Affected Versions Pardus Domain Joiner versions 0.5.2 through 0.5.3 Description A flaw in the software allows the invocation of a process using visible sensitive information, which can lead to excavation of data. Recommendations Update Pardus Domain Joiner to...
PT-2026-55808
Name of the Vulnerable Software and Affected Versions Pardus Update versions 0.6.3 through 0.6.5 Description A missing authorization issue in the TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows for privilege escalation, which occurs when a user can gain higher levels ...
PT-2026-55829
Name of the Vulnerable Software and Affected Versions Zephyr versions 1.10.0 through 3.7.0 Description The DNS resolver contains a flaw in the dns resolve name internal function within subsys/net/lib/dns/resolve.c when CONFIG MDNS RESOLVER is enabled. The system uses memcmp to detect mDNS .local...
PT-2026-55821
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description Remote SQL injection is possible due to improper processing of the Bankname variable within the '/pay.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL...
PT-2026-55831
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /paymentdischarge.php endpoint. This occurs when the patientid variable is manipulated, allowing a remote attacker to execute unauthorized...
PT-2026-55811
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str ndup and r str append functions within the libr/util/str.c file. This issue requires local access to be exploited. Recommendations Apply the patch...
PT-2026-55785
Name of the Vulnerable Software and Affected Versions Hanwang e-Face General Management Platform version 6.3.5.4 Description A SQL injection issue exists in the /sysAuthStr/querySysAuthStr.do endpoint. This occurs when the manipulation of the argument order allows a remote attacker to execute...
PT-2026-55828
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description The MAX32xxx USB device controller driver drivers/usb/udc/udc max32.c, compatible adi max32 usbhs contains a flaw where it dereferences an endpoint buffer in its OUT and IN transfer-completion handlers without...
PT-2026-55800
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description A remote SQL injection flaw exists in the /admin/add room.php endpoint. The issue occurs when manipulating the delete image, edit, description, number, price, rooms, or type...
PT-2026-55751
Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...
PT-2026-55769
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp token causes missing authentication. The attack may be initiat...
PT-2026-55812
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Room Management Page component within the file /admin/rooms.php. A remote attacker can perform a SQL injection—a technique used to manipulate a database...
PT-2026-55661
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...
PT-2026-55735
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description A remote cross-site scripting issue exists in the admin/view-users.php file. This occurs when the User argument is manipulated, allowing an attacker to execute malicious scripts in th...
PT-2026-55729
Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A flaw in the UTF-8 Character Handler component allows local execution of a manipulation that can lead to a denial of service. The issue resides in the grass compiler::raw to parse error...
PT-2026-55676
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious function calls to torch.utils.bottleneck. main .run cprofile within pickle files. This flaw allows remote attackers to bypass safety checks by embedding...
PT-2026-55743
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack c...
PT-2026-55721
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...