CVE-2026-5560

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the...

CVE-2026-5554

A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/processsearch.php of the component Parameter Handler. Performing a manipulation of the argument...

CVE-2026-5547 Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10multiTDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected...

EUVD-2026-19026

A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2026-5543

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

CVE-2026-5540 code-projects Simple Laundry System Parameter modifymember.php sql injection

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

EUVD-2026-19009

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

CVE-2026-5539

CVE-2026-5539 affects code-projects’ Simple Laundry System 1.0, specifically an issue in the Parameter Handler’s /modifymember.php. Manipulation of the firstName argument enables cross-site scripting (XSS). The vulnerability can be triggered remotely, and an exploit has been published. The provid...

CVE-2026-5536

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

EUVD-2026-19003

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

CVE-2026-5530 Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

PT-2026-30433

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

PT-2026-30496

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu lev1 parameter to extract sensitive...

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

PT-2026-30504

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter user mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

Beamforming Feedback As a Novel Attack Surface for Wi-Fi Physical-Layer Security

With the rapid evolution of wireless technologies, Wi-Fi has expanded beyond its original role in data transmission to support various emerging applications, particularly in physical-layer security, including device authentication, user authentication, and secret key generation. Despite extensive...

Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning

Large language models LLMs possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models LRMs, which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...

PT-2026-30440

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of the File argument within an unknown function of the /fs file in the Configuration...