Aggregator

CVE-2026-9377 | SourceCodester SUP Online Shopping 1.0 /admin/productedit.php productName cross site scripting

VulDB Recent Entries
1 week 1 day ago
A vulnerability identified as problematic has been detected in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. This vulnerability is traded as CVE-2026-9377. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-9376 | JPress up to 1.0.3 UCenter Article Submission Endpoint doWriteSave id/userId improper authorization (Issue 194)

VulDB Recent Entries
1 week 1 day ago
A vulnerability categorized as critical has been discovered in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. This vulnerability appears as CVE-2026-9376. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-9374 | yangzongzhuan RuoYi-Vue up to 3.9.2 Common Upload Endpoint /common/upload FileUploadUtils.upload unrestricted upload

VulDB Recent Entries
1 week 1 day ago
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. It has been rated as critical. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-9374. The attack is possible to be carried out remotely. No exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

INC

Dark Feed IO
1 week 1 day ago

You must login to view this content

cohenido

Managed ad