Aggregator

Submit #833153 / VDB-368884

A vulnerability was found in SourceCodester Ship Ferry Ticket Reservation System 1.0. It has been rated as problematic. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. This vulnerability is traded as CVE-2026-11338. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #832902 / VDB-368883

Submit #832593 / VDB-368882

A vulnerability was found in OpenMeter. It has been declared as critical. This issue affects some unknown processing. Executing a manipulation can lead to sql injection. This vulnerability appears as CVE-2026-8462. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Pylons webob. It has been classified as problematic. This vulnerability affects unknown code of the component Location Header Handler. Performing a manipulation results in open redirect. This vulnerability is reported as CVE-2026-44889. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

Submit #832579 / VDB-368881

Submit #832571 / VDB-368880

Submit #832570 / VDB-368366

A vulnerability was found in Keycloak on Red Hat and classified as problematic. This affects an unknown part of the component Group Members Endpoint. Such manipulation leads to insufficient granularity of access control. This vulnerability is documented as CVE-2026-9088. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in joomlacontenteditor Content Editor Extension up to 2.9.99.4 on Joomla and classified as critical. Affected by this issue is some unknown functionality of the component JCE Editor Extension. This manipulation causes improper access controls. This vulnerability is registered as CVE-2026-48907. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard_page/forms/fetch.php. The manipulation of the argument department_name results in cross site scripting. This vulnerability is cataloged as CVE-2026-11337. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as critical, has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument UserAuthData leads to improper authorization. This vulnerability is listed as CVE-2026-11336. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation. This vulnerability is tracked as CVE-2026-11335. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as critical has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument department_code results in sql injection. This vulnerability is identified as CVE-2026-11334. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as critical has been identified in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student Data Upload Endpoint. Such manipulation of the argument Student-Data-CSV leads to unrestricted upload. This vulnerability is referenced as CVE-2026-11333. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

We discovered and developed an exploit for a pre-authentication remote code executio

F6 обнаружила кибершпионскую группировку SiribClone, атакующую российских военнослужащих.

Submit #832583 / VDB-368875

Submit #832582 / VDB-368874