6.5
CVE-2025-66954 - Unauthenticated Username Enumeration via /nasapi Endpoint in Buffalo Link Station Firmware 1.85-0.01
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.
9.9
CVE-2026-30269 - Doorman Improper Access Control Allows Privilege Escalation
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling priviโฆ
8.2
CVE-2026-39110 - Unauthenticated SQL Injection in Forgot Password Page of Apartment Visitors Management System
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve seโฆ
5.3
CVE-2026-6586 - TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Tโฆ
5.3
CVE-2026-6585 - TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorโฆ
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypaโฆ
5.3
CVE-2026-6584 - TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfโฆ
5.3
CVE-2026-6583 - TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be caโฆ
6.9
CVE-2026-6582 - TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_detailsโฆ
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attacโฆ
8.7
CVE-2026-6581 - H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow
A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pโฆ
6.9
CVE-2026-6580 - liangliangyy DjangoBlog Amap API Call views.py hard-coded key
A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launcheโฆ