CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function getesdatabyhttp of the file backend/apps/db/esengine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...

CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function getesdatabyhttp of the file backend/apps/db/esengine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

CVE-2026-5368 projectworlds Car Rental Project Parameter login.php sql injection

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

CVE-2026-34786 Rack: Rack::Static header_rules bypass via URL-encoded paths

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

EUVD-2026-18346

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

EUVD-2026-18342

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

EUVD-2026-18340

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-5344 Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

CVE-2026-5334

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

CVE-2026-5338

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

CVE-2026-5338

CVE-2026-5338 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s Setting System component, specifically the file system.lua and its function action_set_system_settings . Manipulating the argument lanIp leads to a remote command injection , with exploitation disclosed public...

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

CVE-2026-5334

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

CVE-2026-5330

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

CVE-2026-5330

The CVE affects SourceCodester/mayuri_k Best Courier Management System 1.0. Affected component: /ajax.php?action=delete_user (User Delete Handler). The issue arises from manipulating the ID argument, leading to improper access controls. Exploitation is possible remotely and public exploits exist ...

EUVD-2026-18183

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

CVE-2026-5326

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...