A vulnerability was found in CodeAstro Human Resource Management System 1.0 and classified as critical. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in SQL injection.
This vulnerability is reported as CVE-2026-13525. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability has been found in CherryHQ cherry-studio up to 1.9.6 and classified as critical. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization.
This vulnerability is documented as CVE-2026-13524. The attack can be initiated remotely. Additionally, an exploit exists.
The pull request to fix this issue awaits acceptance.
A vulnerability, which was classified as problematic, was found in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Manipulation can lead to improper handling of highly compressed data.
This vulnerability is registered as CVE-2026-13523. The attack needs to be launched locally. Furthermore, an exploit is available.
A patch should be applied to remediate this issue.
The vendor confirms: "We added a check on inflate output size, if it surpasses 32 times the input size we stop in error. This value could be adjusted later."
A vulnerability, which was classified as problematic, has been found in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is cataloged as CVE-2026-13522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to SQL injection.
This vulnerability is listed as CVE-2026-13521. The attack may be performed remotely. In addition, an exploit is available.
A vulnerability classified as critical has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes SQL injection.
This vulnerability is tracked as CVE-2026-13520. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability classified as problematic has been found in open-webui Open WebUI. Affected by this vulnerability is an unknown functionality of the file /api/chat/completions. The manipulation of the argument image_url leads to information disclosure.
This vulnerability is documented as CVE-2026-54009. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.