🚨 CVE-2026-7084
A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor explains in a reply to the issue report, that "[t]he /getCodeByLink interface is used to obtain TS code and run it locally. It is inherently a high-risk interface, and users must clearly understand the risks before requesting to use it."
🎖@cveNotify
A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor explains in a reply to the issue report, that "[t]he /getCodeByLink interface is used to obtain TS code and run it locally. It is inherently a high-risk interface, and users must clearly understand the risks before requesting to use it."
🎖@cveNotify
GitHub
GitHub - HBAI-Ltd/Toonflow-app: Toonflow 是开源一站式 AI 短剧创作工具,将小说、剧本快速转化为动画短剧。集成 AI 编剧、智能分镜、角色与视频生成,跨平台桌面端轻量部署,助力创作者低成本批量产出视觉内容。Toonflow…
Toonflow 是开源一站式 AI 短剧创作工具,将小说、剧本快速转化为动画短剧。集成 AI 编剧、智能分镜、角色与视频生成,跨平台桌面端轻量部署,助力创作者低成本批量产出视觉内容。Toonflow is an open-source AI tool that turns stories and scripts into animated short dramas. Features AI...
👍1
🚨 CVE-2026-7086
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is still unclear if this vulnerability genuinely exists. The vendor explains in a reply to the issue report, that "[t]he URL of this interface is designed to only be a local address or a trusted domain address configured in docker, and will not contain malicious links, unless the user modifies the code causing unexpected situations."
🎖@cveNotify
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is still unclear if this vulnerability genuinely exists. The vendor explains in a reply to the issue report, that "[t]he URL of this interface is designed to only be a local address or a trusted domain address configured in docker, and will not contain malicious links, unless the user modifies the code causing unexpected situations."
🎖@cveNotify
GitHub
GitHub - HBAI-Ltd/Toonflow-app: Toonflow 是开源一站式 AI 短剧创作工具,将小说、剧本快速转化为动画短剧。集成 AI 编剧、智能分镜、角色与视频生成,跨平台桌面端轻量部署,助力创作者低成本批量产出视觉内容。Toonflow…
Toonflow 是开源一站式 AI 短剧创作工具,将小说、剧本快速转化为动画短剧。集成 AI 编剧、智能分镜、角色与视频生成,跨平台桌面端轻量部署,助力创作者低成本批量产出视觉内容。Toonflow is an open-source AI tool that turns stories and scripts into animated short dramas. Features AI...
🚨 CVE-2026-7087
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
GitHub
sourcecodester Pharmacy Sales and Inventory System Project V1.0 /ajax.php?action=save_sales SQL injection · Issue #2 · nidieaaa/test
sourcecodester Pharmacy Sales and Inventory System Project V1.0 /ajax.php?action=save_sales SQL injection NAME OF AFFECTED PRODUCT(S) Pharmacy Sales and Inventory System Vendor Homepage https://www...
🚨 CVE-2026-7088
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
GitHub
sourcecodester Pharmacy Sales and Inventory System Project V1.0 /ajax.php?action=save_receiving SQL injection · Issue #3 · nidieaaa/test
sourcecodester Pharmacy Sales and Inventory System Project V1.0 /ajax.php?action=save_receiving SQL injection NAME OF AFFECTED PRODUCT(S) Pharmacy Sales and Inventory System Vendor Homepage https:/...
🚨 CVE-2026-7089
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
🚨 CVE-2026-7090
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
🎖@cveNotify
🚨 CVE-2026-41080
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
🎖@cveNotify
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
🎖@cveNotify
blog.hartwork.org
Hartwork Blog · Expat 2.8.0 released, includes security fixes
🚨 CVE-2026-3008
Successful exploitation of the
string injection vulnerability could allow an attacker to obtain memory address
information or crash the application.
🎖@cveNotify
Successful exploitation of the
string injection vulnerability could allow an attacker to obtain memory address
information or crash the application.
🎖@cveNotify
Community
Notepad++ v8.9.4 Release Candidate
Notepad++ 8.9.4 Release Candidate RC2 is available here: https://github.com/donho/notepad-plus-plus/releases/tag/ReleaseCandidate https://github.com/donho/no...
🚨 CVE-2026-42371
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
🎖@cveNotify
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
🎖@cveNotify
GitHub
[CVE-REQUESTED] Fix range-length truncation in `CompareRange` by worwin · Pull Request #298 · uriparser/uriparser
This pull request fixes range-length truncation in CompareRange and adds a dedicated regression test.
The previous implementation converted pointer-difference lengths to int during comparison. On 6...
The previous implementation converted pointer-difference lengths to int during comparison. On 6...
🚨 CVE-2026-7091
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
🚨 CVE-2026-7092
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
🚨 CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
🎖@cveNotify
🚨 CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.
🎖@cveNotify
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.
🎖@cveNotify
🚨 CVE-2026-22077
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
🎖@cveNotify
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
🎖@cveNotify
🚨 CVE-2026-7095
A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
🎖@cveNotify
🚨 CVE-2026-7096
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
🎖@cveNotify
Vulnerability Database
CVE-2026-7096 Tenda HG3 formgponConf os command injection
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability is known as CVE-2026-7096.
🚨 CVE-2026-7097
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
🎖@cveNotify
GitHub
vuldb_new/F456/vul_135/README.md at main · Litengzheng/vuldb_new
CVE. Contribute to Litengzheng/vuldb_new development by creating an account on GitHub.
🚨 CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
🎖@cveNotify
🚨 CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
🎖@cveNotify
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
🎖@cveNotify
🚨 CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
🎖@cveNotify
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
🎖@cveNotify
🚨 CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
🎖@cveNotify
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
🎖@cveNotify