Hai271120

#9816of 53,633
28.1Total CVSS
Vulnerabilities · 5
Medium
5
PT-2026-39405
6.5
2026-05-09
Akaunting · Akaunting · CVE-2026-8193
**Name of the Vulnerable Software and Affected Versions** Akaunting version 3.1.21 **Description** A weakness in the Invoice PDF Rendering component allows for server-side request forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location. This issue occurs during the processing of the file 'config/dompdf.php' and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-39416
5.3
2026-05-09
Aandrew Me · Tgpt · CVE-2026-8210
**Name of the Vulnerable Software and Affected Versions** andrew-me tgpt versions prior to 2.11.2 **Description** Command injection is possible in the Update Handler component via the `Update()` function within the `helper.go` file. This issue requires local access to be exploited. **Recommendations** Update to a version later than 2.11.1. As a temporary workaround, restrict access to the `Update()` function in the Update Handler component.
PT-2026-34046
6.5
2026-04-21
Bagisto · Bagisto · CVE-2026-6744
**Name of the Vulnerable Software and Affected Versions** Bagisto versions prior to 2.3.16 **Description** An issue exists in the Downloadable Link Handler component within the `copy()` function. Remote manipulation of this function can lead to server-side request forgery, a flaw where an attacker can induce the server-side application to make requests to an unintended location. **Recommendations** As a temporary workaround, consider restricting the use of the `copy()` function in the Downloadable Link Handler component until a patch is available.
PT-2026-34047
4.0
2026-04-21
Bagisto · Bagisto · CVE-2026-6745
**Name of the Vulnerable Software and Affected Versions** Bagisto versions prior to 2.3.16 **Description** An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the component. **Recommendations** Update to a version newer than 2.3.15.
PT-2026-29734
5.8
2026-04-02
Opencart · Opencart · CVE-2026-5331
Name of the Vulnerable Software and Affected Versions OpenCart version 4.1.0.3 Description A path traversal issue exists in the Extension Installer Page component, specifically within the `installer.php` file. A remote attacker can exploit this to traverse file paths. The vulnerability has been publicly disclosed, and the vendor was notified but did not respond. Recommendations Update to a newer version that contains a fix for this vulnerability.