5.3
CVE-2026-6583 - TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be caโฆ
6.9
CVE-2026-6582 - TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_detailsโฆ
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attacโฆ
8.7
CVE-2026-6581 - H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow
A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pโฆ
6.9
CVE-2026-6580 - liangliangyy DjangoBlog Amap API Call views.py hard-coded key
A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launcheโฆ
6.9
CVE-2026-6579 - liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publโฆ
6.3
CVE-2026-6578 - liangliangyy DjangoBlog Setting settings.py hard-coded credentials
A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. Theโฆ
6.9
CVE-2026-6577 - liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly avโฆ
5.3
CVE-2026-6576 - liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possiblโฆ
6.9
CVE-2026-6574 - osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The eโฆ
5.3
CVE-2026-6573 - PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. โฆ