Security Vulnerabilities
Permission control vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-06
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-06
Type confusion vulnerability in the camera module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-02-06
Out-of-bounds read issue in the media subsystem.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-02-06
Identity authentication bypass vulnerability in the window module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-02-06
UAF vulnerability in the security module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-06
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue.
CVSS Score
4.2
EPSS Score
0.001
Published
2026-02-06
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-06
A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-06
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.7
EPSS Score
0.002
Published
2026-02-06