A vulnerability was found in SourceCodester Hospitals Patient Records Management System 1.0. It has been classified as problematic. This issue affects some unknown processing of the file /admin/?page=room_types. Manipulating the argument room results in cross-site scripting.
This vulnerability is reported as CVE-2026-11468. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability was found in jishenghua jshERP up to 3.6 and classified as critical. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Manipulation of the argument fileName leads to path traversal.
This vulnerability is documented as CVE-2026-11467. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability has been found in zilliztech deep-searcher up to 0.0.2 and classified as problematic. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. Manipulation of the argument kwargs causes improper access controls.
This vulnerability is registered as CVE-2026-11466. The attack can be exploited remotely. Furthermore, an exploit is available.
The pull request to fix this issue awaits acceptance.
A vulnerability, which was classified as critical, was found in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors.
This vulnerability is cataloged as CVE-2026-11465. The attack may be launched remotely. Furthermore, there is an exploit available.
The pull request to fix this issue awaits acceptance.
A vulnerability, which was classified as problematic, has been found in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to information disclosure.
This vulnerability is listed as CVE-2026-11464. The attack may be initiated remotely. In addition, an exploit is available.
A fix is planned for the upcoming release.