CVE-2026-5893

Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5893

Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5878

Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5869

CVE-2026-5869 is a heap buffer overflow in WebML within Google Chrome/Chromium, exploitable via a crafted HTML page to reveal potentially sensitive process-memory data. Affected: Chromium/WebML prior to 147.0.7727.55. Remediation: upgrade to Chromium 147.0.7727.55 or newer (Debian fix 147.0.7727....

CVE-2026-5869

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-5805

A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...

CVE-2026-5806 code-projects Easy Blog Site update.php cross site scripting

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

CVE-2026-5806

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

CVE-2026-5806

CVE-2026-5806 affects code-projects’ Easy Blog Site 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the /posts/update.php function, via manipulation of the postTitle parameter. Impact per documents is limited to non-persistent integrity disruption with no confidentiality or availability...

CVE-2026-5805

A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...

CVE-2026-5805

Code-projects Easy Blog Site (up to version 1.0) contains a SQL injection in /users/contact_us.php where manipulating the Name parameter can trigger database queries remotely. The vulnerability’s exploitability is network-based with low impact on confidentiality, integrity, and availability, and ...

CVE-2026-5803 bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

CVE-2026-5803

The CVE-2026-5803 entry concerns bigsk1/openai-realtime-ui (up to commit 188ccde27fdf3d8fab8da81f3893468f53b2797c) with a vulnerability in the API Proxy Endpoint’s server.js that enables server-side request forgery through a manipulated Query argument. It is described as remotely exploitable, and...

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2026-5802

The CVE-2026-5802 vulnerability affects idachev mcp-javadc up to 1.2.4, specifically an HTTP Interface function where manipulating the jarFilePath argument enables OS command injection. Exploitation may be possible remotely, and public PoCs exist; the vendor/project was alerted via issue reports ...

CVE-2026-5705

A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the...

CVE-2026-5719

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...

PT-2026-31500

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in Google Chrome's fullscreen mode allowed an attacker to perform UI spoofing using a specially crafted HTML page. This could potentially trick users into interacting with a fake...

PT-2026-32051

Уязвимость прикладного программного интерфейса util.readFileIntoStream программы просмотра и редактирования PDF-файлов Adobe Reader связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный JavaScript-к...

PT-2026-31549

Name of the Vulnerable Software and Affected Versions SourceCodester Online Food Ordering System version 1.0 Description A vulnerability exists in the function save product of the file /Actions.php within the POST Parameter Handler component. Manipulation of the price argument can lead to busines...