372419 matches found
CVE-2026-16223
1Panel-dev CordysCRM up to 1.4.1 is affected in the Third Party Edit Endpoint, specifically the IntegrationConfigService.getSqlBotSrc function. A manipulated appSecret can trigger server-side request forgery (SSRF) and the issue can be exploited remotely. The exploit has been publicly disclosed a...
CVE-2026-16222
CVE-2026-16222 affects 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability involves server-side request forgery caused by manipulating the mkAddress argument in the TokenService.java file under the Third Party Endpoint (backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/Token...
CVE-2026-16220
CVE-2026-16220 affects code-projects Online Examination System 1.0. The vulnerability resides in unknown code handling the parameter eid/n/t in /account.php?q=quiz, enabling cross-site scripting through manipulation of that argument. Impact details stated include remote feasibility with low to mo...
CVE-2026-16219
CVE-2026-16219 affects Croogo CMS versions up to 4.0.7. The vulnerability lies in the Admin File Manager component, specifically FileManager::isEditable in FileManager/src/Utility/FileManager.php, leading to path traversal. Exploitation can be performed remotely; a working exploit has been publis...
CVE-2026-16218
Technical details for CVE-2026-16218 are not publicly available in the provided documents; no affected versions, root cause specifics, or remediation are disclosed here. Monitor for updates.
CVE-2026-16217
CVE-2026-16217 affects guohongze adminset up to 0.61. The vulnerability lies in delivery/deli.py where manipulating project_id bypasses authorization, enabling a remote attack. Public exploit disclosed; project maintainer notified early via issue report but no response. CVSS metrics indicate MEDI...
CVE-2026-16216
Geex-arts django-jet up to 1.0.8 contains a CSRF flaw in the OAuth Handler that can be exploited remotely. The vulnerability enables cross-site request forgery and is public, with no response from the project to the issue. The CVE reports a MEDIUM severity (CVSS 3.x/4.x family) and indicates no l...
CVE-2026-16215
CVE-2026-16215 concerns geex-arts django-jet up to 1.0.8. The flaw affects the OAuth Credential Revoke Handler component; a manipulation can lead to missing authorization. The vulnerability is exploitable remotely, with public exploit availability reported. Affected status is stated, but the exac...
CVE-2026-16214
CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...
CVE-2026-16213
Summary of vulnerability (CVE-2026-16213) : In Fantomas42 django-blog-zinnia (up to 0.20), a flaw affects an unknown function in the file zinnia/views/mixins/entry_protection.py (Protected Entry Password Handler). The manipulation leads to the cleartext storage of sensitive information . Exploita...
CVE-2026-16212
CVE-2026-16212 affects awesto django-shop up to 1.2.4. The vulnerability targets an unknown function in the file shop/models/inventory.py of the Purchase Stock Handler, causing a race condition. The issue can be exploited remotely with high complexity; exploitation status is publicly available (P...
CVE-2026-16211
CVE-2026-16211 affects Allegro Ralph, specifically the Hostname Allocation Handler’s function AssetLastHostname.increment_hostname in the file src/ralph/assets/models/assets.py . The vulnerability arises from a manipulation of the argument counter that can cause a race condition . Documents indic...
CVE-2026-16210
The CVE-2026-16210 entry affects newpanjing simpleui version 2026.01.13, specifically the AjaxAdmin AJAX Endpoint in the file simpleui/admin.py. The issue stems from the function self.get_action, where manipulated input leads to missing authentication, enabling remote exploitation. An exploit has...
CVE-2026-16209
Summary: CVE-2026-16209 affects Gerapy up to 0.9.13. The vulnerability is in an unknown function within gerapy/server/core/views.py, in the Project Upload Endpoint, causing missing authentication. It is a network-accessible issue that can be exploited remotely; the exploit is public. A patch iden...
CVE-2026-16208
CVE-2026-16208 affects django-tastypie up to 0.15.1. The vulnerability resides in the CacheThrottle/CacheDBThrottle in tastypie/throttle.py, causing a race condition. It is potentially exploitable remotely; attack complexity is described as high. Details on fixes or patches are not provided in th...
CVE-2026-16207
CVE-2026-16207 affects django-tastypie up to 0.15.1, specifically ApiKeyAuthentication in tastypie/authentication.py. The issue allows use of the GET method with sensitive query strings, enabling a remote attack. The reported attack is characterized by high complexity and low exploitability. The ...
CVE-2026-16206
Affected software: django-oauth-toolkit 3.3.0. Root cause: manipulation in the function _load_id_token within oauth2_provider/oauth2_validators.py. Impact as stated: session expiration. Attack can be initiated remotely over the network. Status of remediation: not provided in the connected documen...
CVE-2026-16205
In Pluck CMS up to version 4.7.21, the vulnerability affects the Albums Module (data/modules/albums/albums.admin.php) via the function htmlspecialchars_decode. Manipulating the Info argument can trigger cross-site scripting, with remote exploitation possible. Public exploit exists. The project wa...
CVE-2026-16204
Technical details for CVE-2026-16204 are not publicly provided in the supplied documents; no concrete affected versions, vulnerable components, or remediation details are available here. Monitor for updates.
CVE-2026-16203
SourceCodester Class and Exam Timetabling System 1.0 contains a cross-site scripting (XSS) vulnerability in the /forCYS.php file, triggered by manipulation of the course parameter. The issue can be exploited remotely, and public exploit code exists. The CVSS vectors indicate a network-based, low ...