A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting.
This vulnerability is traded as CVE-2026-8117. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability has been found in huangjunsen0406 xiaozhi-mcphub up to 1.0.3 and classified as critical. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal.
This vulnerability appears as CVE-2026-8116. The attack may be initiated remotely. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability, which was classified as problematic, was found in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal.
This vulnerability is reported as CVE-2026-8115. The attack can be launched remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
A threat actor claims to be selling a 2.47GB CSV database from real estate platform homes.at.world, totaling 7,023,773 lines split between 4,883,773 agent records and 2,140,000 investor records.