EUVD-2026-19007

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

CVE-2026-5539

A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2026-5539 code-projects Simple Laundry System Parameter modifymember.php cross site scripting

A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2026-5538 QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function serviceurl of the file JudgeServer.serviceurl of the component judgeserverheartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack...

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

CVE-2026-5537

CVE-2026-5537 affects halex CourseSEL up to version 1.1.0. The vulnerability resides in the HTTP GET Parameter Handler, specifically the function check_sel in Apps/Index/Controller/IndexController.class.php, where manipulation of the seid argument leads to SQL injection. It can be triggered remot...

CVE-2026-5536

FedML-AI prior to 0.8.9 contains a deserialization vulnerability in the gRPC server component, specifically the sendMessage function in grpc_server.py. The issue allows remote manipulation that can lead to deserialization of crafted input, potentially impacting confidentiality, integrity, and ava...

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

CVE-2026-5533

A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible...

CVE-2026-5535

FedML-AI FedML up to 0.8.9 has a path traversal flaw in the MQTT Message Handler’s FileUtils.java triggered by manipulating the dataSet argument. The issue is remotely exploitable and an exploit has been publicly released. Affected component: MQTT Message Handler (FileUtils.java) within FedML-Fed...

CVE-2026-5535

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVE-2026-5534 itsourcecode Online Enrollment System Parameter index.php sql injection

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. T...

CVE-2026-5533

A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible...

CVE-2026-5533

The CVE-2026-5533 entry concerns badlogic pi-mono 0.58.4. The vulnerability affects the SVG Artifact Handler, specifically the SvgArtifact.ts file under packages/web-ui/src/tools/artifacts. It is caused by manipulation of an unknown function, leading to cross-site scripting. Remote exploitation i...

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

CVE-2026-5531 SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

CVE-2026-5530

Ollama up to 18.1 contains a flaw in the Model Pull API’s file server/download.go that allows manipulation leading to server-side request forgery (SSRF). The issue can be exploited remotely. Connected sources confirm the vulnerable component and impact, but no vendor patch or remediation is docum...

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...