41209 matches found
CVE-2026-5563
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...
CVE-2026-5562 provectus kafka-ui Endpoint testexecutions validateAccess code injection
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-5562
Provectus Kafka-UI
CVE-2026-5560
CVE-2026-5560 concerns PHPGurukul Online Shopping Portal Project 2.1. The vulnerable element is an unknown function in /payment-method.php within the Parameter Handler component. A manipulated paymethod argument enables SQL injection, with remote exploit possibility and a publicly available explo...
CVE-2026-5560 PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the...
CVE-2026-5557
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5559
AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha is affected by a vulnerability in sandbox.py:_is_safe_ast within the AST Validation component. The flaw enables improper neutralization of special elements in the template engine, with remote-exploitation potential. Exploit has been disclosed publicl...
CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
CVE-2026-5558
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
CVE-2026-5558
CVE-2026-5558 affects PHPGurukul Online Shopping Portal Project up to 2.1. The vulnerability is in an unknown function of /pending-orders.php (Parameter Handler). Manipulating the argument ID leads to SQL injection, enabling remote exploitation. The exploit has been published; CVSS indicates medi...
CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
CVE-2026-5557
The CVE-2026-5557 entry concerns badlogic pi-mono up to version 0.58.4, affecting the pi-mom Slack Bot component’s file packages/mom/src/slack.ts. The documented issue results in an authentication bypass via an alternate channel, with remote execution possible. Public exploitation is noted. No ve...
CVE-2026-5557
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
CVE-2026-5557 badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The...
EUVD-2026-19046
A vulnerability was determined in Tenda AC10 16.03.10.10multiTDE01. Affected by this issue is some unknown functionality of the file /webrootro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The atta...
EUVD-2026-19050
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be launched remotel...
EUVD-2026-19044
A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...
EUVD-2026-19040
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to sql injection. The attack can be launched...