Aggregator

A vulnerability was found in Google Cloud Gemini Enterprise up to 11/11. It has been rated as problematic. The impacted element is an unknown function of the component Agentspace Service. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-1727. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in opf openproject up to 16.6.6/17.0.2. Affected by this vulnerability is an unknown functionality of the component time Handler. Such manipulation leads to basic cross site scripting. This vulnerability is listed as CVE-2026-25764. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Totolink WA300 5.2cu.7112_B20190227. It has been declared as critical. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. This vulnerability was named CVE-2026-2167. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in code-projects Online Reviewer System 1.0. It has been classified as critical. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. This vulnerability is uniquely identified as CVE-2026-2166. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in detronetdip E-commerce 1.0.0 and classified as critical. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. This vulnerability is handled as CVE-2026-2165. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability has been found in detronetdip E-commerce 1.0.0 and classified as critical. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. This vulnerability is known as CVE-2026-2164. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #752063 / VDB-344869

Submit #751858 / VDB-344868

Submit #751857 / VDB-344867

Submit #751853 / VDB-344866

A vulnerability, which was classified as critical, was found in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-2163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. This vulnerability appears as CVE-2026-2162. The attack may be initiated remotely. In addition, an exploit is available.

Submit #751764 / VDB-344865

A vulnerability classified as critical was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. This vulnerability is reported as CVE-2026-2161. The attack can be launched remotely. Moreover, an exploit is present.

Использование чужих ресурсов — лишь верхушка айсберга в этой сложной схеме.

Submit #751083 / VDB-344864

Submit #751082 / VDB-344863

A vulnerability classified as problematic has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. This vulnerability is documented as CVE-2026-2160. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. This vulnerability is registered as CVE-2026-2159. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #751016 / VDB-344862