CVE-2026-7097

A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been...

CVE-2026-7095 code-projects Employee Management System edit.php cross site scripting

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVE-2026-7095 code-projects Employee Management System edit.php cross site scripting

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVE-2026-7086

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-7088

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

EUVD-2026-25783

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

EUVD-2026-25782

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

CVE-2026-7093

CVE-2026-7093 affects the code-projects Invoice System in Laravel 1.0 . The vulnerability exists in the Invoice Endpoint, specifically an unspecified function under the path /invoice/ where manipulating the argument ID leads to improper authorization. It is a network‑accessible issue with LOW to ...

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

CVE-2026-7090

CVE-2026-7090 affects code-projects Chat System 1.0 via /admin/send_message.php: the msg parameter is vulnerable to cross-site scripting. The issue arises from improper handling of the argument, enabling remote exploitation with a public exploit. No remediation details are provided in the availab...

EUVD-2026-25773

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

CVE-2026-7089

CVE-2026-7089 affects code-projects Home Service System 1.0. The vulnerability targets the Appointment Booking component, specifically the /booking.php file, where manipulation of the fname/lname parameters enables cross-site scripting. The description notes remote initiation and publicly disclos...

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...