41168 matches found
CVE-2026-6034 code-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scripting
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...
CVE-2026-6034
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...
CVE-2026-6034
The CVE-2026-6034 entry concerns code-projects Vehicle Showroom Management System 1.0. The vulnerability affects the file /BranchManagement/ProfitAndLossReport.php where manipulating the BRANCH_ID parameter enables cross-site scripting. The description indicates a remote attack is possible and th...
CVE-2026-6034 code-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scripting
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...
CVE-2026-6033
CodeAstro Online Classroom 1.0 is affected by a SQL injection in updatedetailsfromstudent.php, triggered by manipulating the fname parameter (eno=146891650). The vulnerability arises from an unknown function in /updatedetailsfromstudent.php and can be exploited remotely. Public disclosure of the ...
CVE-2026-6032 code-projects Simple Laundry System checkcheckout.php cross site scripting
A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
CVE-2026-6031
The CVE concerns code-projects Simple IT Discussion Forum 1.0. The vulnerability is in the add-category-function.php file, where manipulation of the Category argument enables SQL injection. This is a NETWORK, low-complexity issue with no required privileges or user interaction, and it is exploita...
CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
EUVD-2026-21312
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. T...
EUVD-2026-21306
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
EUVD-2026-21299
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
EUVD-2026-21311
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...
OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
EUVD-2026-21307
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out...
EUVD-2026-21310
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...
EUVD-2026-21313
A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...
EUVD-2026-21297
A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
GHSA-52VJ-FVRV-7Q82 OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
CVE-2026-6024
A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...