|
201
|
9.8 |
CRITICAL
Network
|
-
|
-
|
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2026-5964
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
9.8 |
CRITICAL
Network
|
-
|
-
|
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
CWE-89
SQL Injection
|
CVE-2026-5963
|
2026-04-20 17:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
- |
|
-
|
-
|
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary co…
|
CWE-78
OS Command
|
CVE-2026-6644
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
- |
|
-
|
-
|
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to t…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6643
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file supera…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6614
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipu…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6613
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6612
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
3.1 |
LOW
Network
|
-
|
-
|
A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulatio…
|
CWE-320
CWE-321
Key Management Errors
Use of Hard-coded Cryptographic Key
|
CVE-2026-6611
|
2026-04-20 16:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipula…
|
CWE-259
CWE-798
Use of Hard-coded Password
Use of Hard-coded Credentials
|
CVE-2026-6610
|
2026-04-20 15:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper a…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-6609
|
2026-04-20 15:16 |
2026-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
