5.1
CVE-2025-13480 - Incorrect authorization in Fudo Enterprise
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fix…
4.8
CVE-2026-6622 - BichitroGan ISP Billing Software Customer edit cross site scripting
A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly avail…
6.9
CVE-2026-6621 - 1024bit extend-deep index.js prototype pollution
A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. T…
5.3
CVE-2026-6620 - SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal
A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has bee…
8.5
CVE-2026-39454 -
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be …
5.1
CVE-2026-6619 - langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initia…
5.3
CVE-2026-6618 - langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-s…
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. …
8.7
CVE-2026-5967 - TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation
ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.
7.2
CVE-2026-5966 - TeamT5|ThreatSonar Anti-Ransomware - Arbitrary File Deletion
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
9.3
CVE-2026-5964 - Digiwin|EasyFlow .NET - SQL Injection
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.