CVE-2026-5540

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-5541

A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipulation of the argument userid results in cross site scripting. The attack may be initiated remotel...

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

CVE-2026-5542

A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The...

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625

The CVE-2026-5625 entry concerns assafelovic gpt-researcher (up to version 3.4.3) in the WebSocket Interface component. The vulnerability arises from a weakness in processing of the file gpt_researcher/skills/researcher.py, where manipulating the argument task can trigger a cross-site scripting (...

CVE-2026-5623 hcengineering Huly Platform Import Endpoint index.ts server-side request forgery

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

CVE-2026-5623 hcengineering Huly Platform Import Endpoint index.ts server-side request forgery

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

CVE-2026-5623

CVE-2026-5623 affects hcengineering Huly Platform 0.7.382, specifically the Import Endpoint in file server/front/src/index.ts. The vulnerability enables server-side request forgery (SSRF) through manipulation of the indicated component, with remote exploitability. Public exploit exists; disclosur...

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

CVE-2026-5618

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

CVE-2026-5620

CVE-2026-5620 affects itsourcecode Construction Management System 1.0. The vulnerable element is an unknown function in the file /borrowed_equip_report.php within the Parameter Handler component. Manipulating the argument Home leads to a SQL injection . It can be exploited remotely, and the explo...

CVE-2026-5620 itsourcecode Construction Management System Parameter borrowed_equip_report.php sql injection

A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowedequipreport.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotely...

EUVD-2026-19154

A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be...

EUVD-2026-19153

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been...

EUVD-2026-19148

A flaw has been found in Tenda i12 1.0.0.113862. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wlradio causes stack-based buffer overflow. It is possible to initiate the...

EUVD-2026-19152

A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...