A vulnerability labeled as critical has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Manipulation of the argument Trainer_id/fname leads to SQL injection.
This vulnerability is documented as CVE-2026-4550. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability identified as critical has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass.
This vulnerability is registered as CVE-2026-4549. Remote exploitation of the attack is possible. No exploit is available.
A vulnerability categorized as critical has been discovered in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization.
This vulnerability is cataloged as CVE-2026-4548. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in mickasmt next-saas-stripe-starter 1.0.0. It has been rated as critical. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors.
This vulnerability is listed as CVE-2026-4547. The attack may be initiated remotely. There is no available exploit.
A vulnerability was found in Flos Freeware Notepad2 4.2.25. It has been declared as problematic. This impacts an unknown function in the library TextShaping.dll. Manipulation can lead to an uncontrolled search path.
This vulnerability is tracked as CVE-2026-4546. The attack is restricted to local execution. No exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Flos Freeware Notepad2 4.2.25. It has been classified as problematic. This affects an unknown function in the library PROPSYS.dll. Manipulation results in an uncontrolled search path.
This vulnerability is identified as CVE-2026-4545. The attack is only possible with local access. No exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in SeoToaster Ecommerce 3.0.0 and classified as critical. The impacted element is an unknown function of the file /backend/backend_theme/editcss/ of the component Backend Theme Endpoint. Manipulation of the argument path leads to path traversal.
This vulnerability is referenced as CVE-2019-25577. The attack can only be performed from a local environment. Furthermore, an exploit is available.
A vulnerability has been found in SimplePress CMS 1.0.7 and classified as critical. The affected element is an unknown function. Manipulation of the argument p/s causes SQL injection.
The identification of this vulnerability is CVE-2019-25575. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.