🚨 CVE-2026-14753
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
GitHub
GitHub - mjperpinosa/stumasy: This is a student management system and at the same time a social networking site. I also added miscellaneous…
This is a student management system and at the same time a social networking site. I also added miscellaneous features here just based on my likeness. - mjperpinosa/stumasy
🚨 CVE-2026-14754
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
🎖@cveNotify
🚨 CVE-2024-55488
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.
🎖@cveNotify
Umbraco
Stylesheets and JavaScript | CMS | Umbraco Documentation
Information on working with stylesheets and JavaScript in Umbraco.
🚨 CVE-2025-22205
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
🎖@cveNotify
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
🎖@cveNotify
Admiror-Design-Studio
Admiror Gallery
Admiror Joomla! Extensions is a catalog of Admiror products for Joomla! CMS systems.
🚨 CVE-2025-56320
CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."
🎖@cveNotify
CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."
🎖@cveNotify
Medium
Stored XSS in Chat Box Component *CVE-2025–56320*
CobbleStone Software — Enterprise Contract Management Software v.22.2.1
🚨 CVE-2025-67316
An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.
🎖@cveNotify
An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.
🎖@cveNotify
realme
realme Community
Welcome to realme Community, your virtual playground to learn the latest tech news, win exclusive prizes, or simply chat about realme!
🚨 CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.
🎖@cveNotify
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.
🎖@cveNotify
GitHub
blog.hackvens.fr/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md at main · hackvens/blog.hackvens.fr
Le blog hackvens . Contribute to hackvens/blog.hackvens.fr development by creating an account on GitHub.
🚨 CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
🎖@cveNotify
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
🎖@cveNotify
JoomShaper
SP Page Builder - The Best Joomla 6 Drag & Drop Page Builder
SP Page Builder is the best Joomla page builder to build modern and functional sites in minutes. Design your website visually with fully-functional addons.
🚨 CVE-2026-48939
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
🎖@cveNotify
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
🎖@cveNotify
Icagenda
iCagenda - Events Management for Joomla!
iCagenda is a multi-lingual extension designed to create, manage and share events on a Joomla!™ based website.
🚨 CVE-2026-56290
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
🎖@cveNotify
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
🎖@cveNotify
JoomlaCK - Extensions et tutoriels Joomla!
Extensions et documentations Joomlack
Téléchargez des extensions pour joomla, modules, plugins, ou composant. Vous pouvez également télécharger des tutoriels et livres pour créer votre template Joom
🚨 CVE-2026-12250
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
🎖@cveNotify
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-12386
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.
This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
🎖@cveNotify
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.
This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-14755
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
🚨 CVE-2026-14756
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the component Tour Management Page. The manipulation of the argument delete_image results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the component Tour Management Page. The manipulation of the argument delete_image results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
🚨 CVE-2026-14757
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.
🎖@cveNotify
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.
🎖@cveNotify
GitHub
GitHub - radareorg/radare2: UNIX-like reverse engineering framework and command-line toolset
UNIX-like reverse engineering framework and command-line toolset - radareorg/radare2
🚨 CVE-2026-14758
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.
🎖@cveNotify
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.
🎖@cveNotify
GitHub
GitHub - radareorg/radare2: UNIX-like reverse engineering framework and command-line toolset
UNIX-like reverse engineering framework and command-line toolset - radareorg/radare2
🚨 CVE-2026-6509
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.
This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
🎖@cveNotify
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.
This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2026-9085
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.
This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.
🎖@cveNotify
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.
This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.
🎖@cveNotify
siberguvenlik.gov.tr
T.C. Siber Güvenlik Başkanlığı
Türkiye Cumhuriyeti Cumhurbaşkanlığı Siber Güvenlik Başkanlığı resmi web sitesi.
🚨 CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
🎖@cveNotify
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
🎖@cveNotify
GitHub
BugReport/CVE-2020-21733 at master · Gr3gPr1est/BugReport
Contribute to Gr3gPr1est/BugReport development by creating an account on GitHub.
🚨 CVE-2020-23968
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
🎖@cveNotify
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
🎖@cveNotify
blog.vibri.us
CVE-Pending ILEX International Sign&go 7.1 Arbitrary File Creation Privilege Escalation | vibrio's personal infosec blog
Correct URL: https://ricardojba.github.io/CVE-2020-23968-ILEX-SignGo-EoP/
🚨 CVE-2020-35276
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
🎖@cveNotify
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
🎖@cveNotify
Medium
Authentication Admin Panel Bypass-Which leads to full admin access control [CVE-2020–35276]
In this section, I will explain you, how i was able to bypass the admin login panel and from which it leads to full admin access control.