CVE-2026-5829

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-5841

A weakness has been identified in Tenda i3 1.0.0.62204. The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could b...

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

CVE-2026-10255

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-10280

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack c...

CVE-2026-10236

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-10254

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-10281

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

CVE-2026-10290

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

CVE-2026-10261

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-9551

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

CVE-2026-9524

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

CVE-2026-9584

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

CVE-2026-9474

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...