Posts of last 24 hours
A vulnerability classified as problematic was found in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash.
This vulnerability is known as CVE-2026-14738. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/376321
Submit #848742 / VDB-352801
https://vuldb.com/submit/848742
A vulnerability classified as critical has been found in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection.
This vulnerability is traded as CVE-2026-14737. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
https://vuldb.com/vuln/376320
Opera научилась блокировать атаки ClickFix до запуска команды.
https://www.securitylab.ru/news/574427.php
Submit #848737 / VDB-376321
https://vuldb.com/submit/848737
A vulnerability described as problematic has been identified in phpIPAM. This affects an unknown function of the component API. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion').
This vulnerability appears as CVE-2026-12194. The attack may be performed from remote. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
https://vuldb.com/vuln/376319
A vulnerability marked as critical has been reported in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload.
This vulnerability is reported as CVE-2026-14736. The attack is possible to be carried out remotely. Moreover, an exploit is present.
https://vuldb.com/vuln/376318
Submit #848640 / VDB-376320
https://vuldb.com/submit/848640
A vulnerability labeled as critical has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection.
This vulnerability is documented as CVE-2026-14735. The attack can be executed remotely. Additionally, an exploit exists.
https://vuldb.com/vuln/376317
Submit #848624 / VDB-376318
https://vuldb.com/submit/848624