Aggregator

A vulnerability classified as critical was found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. This vulnerability is tracked as CVE-2026-2216. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as problematic has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. This vulnerability is identified as CVE-2026-2215. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #752763 / VDB-344933

Submit #752756 / VDB-344932

A vulnerability described as problematic has been identified in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-15571. The attack can only be performed from a local environment. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as problematic has been reported in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. The identification of this vulnerability is CVE-2026-2214. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. This vulnerability was named CVE-2026-2213. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2212. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. This vulnerability is handled as CVE-2026-2211. The attack can be executed remotely. Additionally, an exploit exists.

Submit #752630 / VDB-260615

Submit #752603 / VDB-344931

A vulnerability was found in ckolivas lrzip up to 0.651. It has been rated as critical. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. This vulnerability is known as CVE-2025-15570. Attacking locally is a requirement. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #752602 / VDB-344930

Submit #752601 / VDB-344929

Submit #752600 / VDB-344928

Submit #752597 / VDB-344927

A vulnerability was found in D-Link DIR-823X 250416. It has been declared as critical. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2026-2210. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #752595 / VDB-344926

A vulnerability was found in Artifex MuPDF up to 1.26.1 on Windows. It has been classified as problematic. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. This vulnerability appears as CVE-2025-15569. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.