41189 matches found
CVE-2026-5637 projectworlds Car Rental System Parameter message_admin.php sql injection
A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /messageadmin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The...
CVE-2026-5637
CVE-2026-5637 affects projectworlds Car Rental System 1.0. The vulnerability lies in the Parameter Handler’s unknown code path that manipulates the Message argument in /message_admin.php, leading to an SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly (explo...
CVE-2026-5635 PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...
CVE-2026-5635
CVE-2026-5635 affects PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is in the Parameter Handler’s /categorywise-products.php, where manipulating the cid parameter leads to SQL injection. Attacks can be launched remotely and the exploit has been released publicly. Concrete remed...
CVE-2026-5635 PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...
CVE-2026-5634
CVE-2026-5634 affects the Projectworlds Car Rental Project 1.0. The vulnerability targets an unknown function in the file /book_car.php (Parameter Handler). Manipulating the fname argument results in a SQL injection, with remote, publicly available exploit code. The CVSS metrics in the connected ...
CVE-2026-5634 projectworlds Car Rental Project Parameter book_car.php sql injection
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5634
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...
CVE-2026-5632
CVE-2026-5632 concerns assafelovic gpt-researcher (versions up to 3.4.3) where the HTTP REST API Endpoint has a missing authentication issue in a manipulated request. The vulnerability is remote, with PROOF-OF-CONCEPT exploitation and a CVSS base score in the MEDIUM-HIGH range across CVSS version...
CVE-2026-5632 assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...
EUVD-2026-19178
A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...
EUVD-2026-19164
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...
CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...
CVE-2026-5629
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may...
CVE-2026-5629 Belkin F9K1015 formSetFirewall stack-based overflow
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may...
CVE-2026-5534
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. The...
CVE-2026-5540
A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...
CVE-2026-5541
A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipulation of the argument userid results in cross site scripting. The attack may be initiated remotel...
CVE-2026-5531
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...