6.9
CVE-2026-6605 - modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forge…
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate t…
6.9
CVE-2026-6604 - modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side req…
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument ima…
6.9
CVE-2026-6603 - modelscope agentscope _python.py execute_shell_command code injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remote…
6.9
CVE-2026-6602 - rickxy Hospital Management System his_admin_account.php unrestricted upload
A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack can be executed remote…
5.3
CVE-2026-6601 - Lagom WHMCS Template Datatables resource consumption
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor w…
9.3
CVE-2026-32956 - Heap‑Based Buffer Overflow in Redirect URL Processing Allows Arbitrary Code Execution
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
8.7
CVE-2026-32955 - Stack-based Buffer Overflow in Redirect URL Processing Allowing Arbitrary Code Execution
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
6.9
CVE-2026-32957 - Unauthenticated File Upload in Silex AMC Manager and SD-330AC Firmware
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.
6.9
CVE-2026-32958 - Hard‑Coded Cryptographic Key Enables Fake Firmware Updates
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.
8.2
CVE-2026-32959 - Weak Cryptographic Algorithm Enables Man‑in‑the‑Middle Data Retrieval
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.