CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/06 9:0 a.m.•12 views

CVE-2026-5640

The CVE-2026-5640 entry concerns PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is an SQL injection in an unknown function within /admin/update-image2.php of the Parameter Handler, triggered by manipulating the filename argument. It is described as remotely exploitable and publi...

6.5CVSS6.4AI score0.00036EPSS

Cvelist•added 2026/04/06 8:45 a.m.•29 views

CVE-2026-5639 PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5CVSS0.00012EPSS

NVD•added 2026/04/06 8:16 a.m.•0 views

CVE-2026-5634

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS0.0004EPSS

Vulnrichment•added 2026/04/06 8:15 a.m.•2 views

CVE-2026-5637 projectworlds Car Rental System Parameter message_admin.php sql injection

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /messageadmin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The...

7.5CVSS6.9AI score0.0004EPSS

CVE•added 2026/04/06 8:15 a.m.•7 views

CVE-2026-5637

CVE-2026-5637 affects projectworlds Car Rental System 1.0. The vulnerability lies in the Parameter Handler’s unknown code path that manipulates the Message argument in /message_admin.php, leading to an SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly (explo...

7.5CVSS6.9AI score0.0004EPSS

CVE•added 2026/04/06 8:0 a.m.•9 views

CVE-2026-5636

CVE-2026-5636 affects PHPGurukul Online Shopping Portal Project 2.1, specifically an issue in the Parameter Handler for the /cancelorder.php endpoint. Manipulation of the argument oid enables SQL injection, with remote exploitation possible. The description notes that an exploit has been made pub...

ATTACKERKB•added 2026/04/06 8:0 a.m.•2 views

CVE-2026-5636

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

Exploits0References5Affected Software1

ATTACKERKB•added 2026/04/06 7:45 a.m.•4 views

CVE-2026-5635

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/06 7:45 a.m.•0 views

CVE-2026-5635 PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection

EUVD•added 2026/04/06 6:30 a.m.•2 views

EUVD-2026-19172

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00038EPSS