CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

CVE-2026-5607 imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

CVE-2026-5607

A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...

CVE-2026-5607

CVE-2026-5607 affects imprvhub mcp-browser-agent up to 0.8.0. The vulnerability resides in URL Parameter Handler’s CallToolRequestSchema within src/handlers.ts where manipulating request.params.name/request.params.arguments enables server-side request forgery. Public exploit disclosure and remote...

CVE-2026-5606

The CVE-2026-5606 entry describes a SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.1, specifically in the Parameter Handler’s unknown function within /order-details.php where the orderid argument is manipulable. The issue can be exploited remotely by an attacker and is...

PT-2026-30581

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

PT-2026-30591

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

PT-2026-30580

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...

PT-2026-30681

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move uploaded file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload...

PT-2026-30597

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin feature.php of the component Add Product Page. The manipulation of the argument product name results in cross site scripting. The attack may be launched remotely. The exploit...

PT-2026-30748

A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released...

PT-2026-30567

A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

PT-2026-30556

A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

PT-2026-30749

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313 b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...

PT-2026-30557

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been...

VulnCheck KEV: CVE-2026-3965

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

PT-2026-30593

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $ SERVER'PHP SELF' leads to cros...

PT-2026-30678

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $ SERVER'PHP SELF' causes cross site scripting. It is possible to initiate...

PT-2026-30604

A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiated remotely. The...

PT-2026-30569

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...