5.1
CVE-2026-1064 - bastillion-io Bastillion System Management SystemKtrl.java command injection
A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be iβ¦
5.1
CVE-2026-1063 - bastillion-io Bastillion Public Key Management System AuthKeysKtrl.java command injection
A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to lauβ¦
5.3
CVE-2026-1062 - xiweicheng TMS HtmlUtil.java summary server-side request forgery
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publisβ¦
5.3
CVE-2026-1061 - xiweicheng TMS FileController.java upload unrestricted upload
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. Theβ¦
6.9
CVE-2026-1059 - FeMiner wms chkuser.php sql injection
A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried oβ¦
6.9
CVE-2026-1050 - risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be laβ¦
5.1
CVE-2026-1049 - LigeroSmart index.pl cross site scripting
A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publβ¦
5.1
CVE-2026-1048 - LigeroSmart index.pl cross site scripting
A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available β¦
6.9
CVE-2025-15532 - Open5GS Timer resource consumption
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. β¦
6.9
CVE-2025-15531 - Open5GS context.c sgwc_bearer_add assertion
A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The iβ¦