CVE-2026-5539

CVE-2026-5539 affects code-projects’ Simple Laundry System 1.0, specifically an issue in the Parameter Handler’s /modifymember.php. Manipulation of the firstName argument enables cross-site scripting (XSS). The vulnerability can be triggered remotely, and an exploit has been published. The provid...

CVE-2026-5536

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

EUVD-2026-19003

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

CVE-2026-5530 Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

PT-2026-30433

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

PT-2026-30440

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of the File argument within an unknown function of the /fs file in the Configuration...

PT-2026-30439

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A flaw exists in the index config function within the /LoginCB file, leading to improper authentication. This issue is remotely exploitable, and details of the exploit have been...

CVE-2026-5526

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

CVE-2026-5527

CVE-2026-5527 affects Tenda 4G03 Pro (versions 1.0/1.0re/01.bin/04.03.01.53). The issue resides in the ECDSA P-256 Private Key Handler, specifically the /etc/www/pem/server.key, where a hard-coded private key is used. This allows a remote attacker to exploit the vulnerability over the network wit...

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

CVE-2026-5413

A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out...

CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVE-2026-5469

CVE-2026-5469 affects Casdoor version 2.356.0, specifically the Webhook URL Handler component. A crafted manipulation can induce a server-side request forgery (SSRF) and is reportable remotely. The vulnerability involves unknown code within the Webhook URL Handler and, per disclosures, the vendor...

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

CVE-2026-33533

A flaw was found in Glances, an open-source system monitoring tool. The Glances XML-RPC server, when activated, sends a wildcard Access-Control-Allow-Origin header and does not validate the Content-Type header. This allows a remote attacker to craft a malicious webpage that can issue a Cross-Orig...