5.3
CVE-2026-6609 - liangliangyy DjangoBlog views.py form_valid improper authorization
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. β¦
6.9
CVE-2026-6608 - lm-sys fastchat Arena Side-by-Side View add_text control flow
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fiβ¦
6.9
CVE-2026-6607 - lm-sys fastchat Worker API Endpoint api_generate resource consumption
A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be useβ¦
6.9
CVE-2026-6606 - modelscope agentscope _agent_base.py _process_audio_block server-side request forgery
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attaβ¦
6.9
CVE-2026-6605 - modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgeβ¦
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate tβ¦
6.9
CVE-2026-6604 - modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side reqβ¦
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument imaβ¦
6.9
CVE-2026-6603 - modelscope agentscope _python.py execute_shell_command code injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remoteβ¦
6.9
CVE-2026-6602 - rickxy Hospital Management System his_admin_account.php unrestricted upload
A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack can be executed remoteβ¦
5.3
CVE-2026-6601 - Lagom WHMCS Template Datatables resource consumption
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor wβ¦
9.3
CVE-2026-32956 -
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.