CVE-2026-5603

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

CVE-2026-5601

CVE-2026-5601 affects Acrel Electrical Prepaid Cloud Platform 1.0, specifically the Backup File Handler . The issue stems from unknown processing of the file /bin.rar , resulting in information disclosure . Exploitation is remote and the exploit has been published. The provided documents do not i...

EUVD-2026-19125

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

EUVD-2019-20083

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

EUVD-2018-21766

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

CVE-2026-5596

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

CVE-2019-25681

Xlight FTP Server 3.9.1 contains a structured exception handler SEH overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25677 WinRAR 5.61 Denial of Service via Malformed Language File

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

CVE-2019-25676

CVE-2019-25676 affects Ask Expert Script 3.0.5. The supplied documents describe two vulnerabilities: reflected cross-site scripting (XSS) and SQL injection (SQLi). The XSS and SQLi can be triggered by manipulating URL parameters, specifically the cateid parameter in categorysearch.php and the vie...

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

CVE-2019-25671 VA MAX 8.3.4 Remote Code Execution via changeip.php

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtueth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtueth0 field to...

CVE-2019-25658

The CVE-2019-25658 entry concerns the a-Mac Address Change 5.4 application. The vulnerability is a local buffer overflow in the registration form handling code. Specifically, sending oversized input (212 bytes) into any of the fields—'Your Name', 'Your Company', or 'Register Code'—and clicking Re...

EUVD-2026-19111

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

EUVD-2026-19109

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5580 CodeAstro Online Classroom Parameter addvideos.php sql injection

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5580

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5580

CVE-2026-5580 affects CodeAstro Online Classroom 1.0. The flaw is in the file /OnlineClassroom/addvideos.php (Parameter Handler) where manipulating the argument videotitle exposes an SQL injection vulnerability. Exploitation can be performed remotely; public exploits are available. Documents indi...