CVE-2026-10265

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVE-2026-10274

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-9512

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

CVE-2026-9486

A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks...

CVE-2026-9604

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-9609

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem...

CVE-2026-9467

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The...

CVE-2026-6159

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

CVE-2026-6609

A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function formvalid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2026-6034

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...

CVE-2026-6636

A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...

CVE-2026-6487

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-6650

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

CVE-2026-6634

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

CVE-2026-6614

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...