41168 matches found

CVE
added 2026/04/02 6:30 p.m. | 14 views

CVE-2026-5418

The CVE affects appsmith.org Appsmith Dashboard up to version 1.97, specifically the computeDisallowedHosts function in WebClientUtils.java. The issue enables server-side request forgery (SSRF) and may be exploitable remotely; an exploit is publicly available. Mitigation provided in the sources i...

CVSS 7.5 | AI score 6.6 | EPSS 0.00303
Exploits: 0 | References: 5

NVD
added 2026/04/02 6:16 p.m. | 5 views

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

CVSS 9.8 | EPSS 0.00333
Exploits: 1 | References: 4

Cvelist
added 2026/04/02 6:15 p.m. | 21 views

CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery

A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...

CVSS 5.8 | EPSS 0.00218
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/02 5:30 p.m. | 2 views

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

CVSS 5.1 | AI score 4.4 | EPSS 0.00203
Exploits: 0 | References: 7

Cvelist
added 2026/04/02 5:30 p.m. | 20 views

CVE-2026-5370 krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting

A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...

CVSS 5.1 | EPSS 0.00203
Exploits: 0 | References: 7

NVD
added 2026/04/02 5:16 p.m. | 4 views

CVE-2026-5354

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVSS 8.8 | EPSS 0.04778
Exploits: 1 | References: 4

NVD
added 2026/04/02 5:16 p.m. | 2 views

CVE-2026-5360

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

CVSS 6.3 | EPSS 0.00427
Exploits: 0 | References: 8

ATTACKERKB
added 2026/04/02 5:15 p.m. | 1 view

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00333
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/02 5:15 p.m. | 1 view

CVE-2026-5368 projectworlds Car Rental Project Parameter login.php sql injection

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00333
Exploits: 1 | References: 4

Vulnrichment
added 2026/04/02 5:00 p.m. | 2 views

CVE-2026-5360 Free5GC aper type confusion

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

CVSS 6.3 | AI score 5.1 | EPSS 0.00427
Exploits: 0 | References: 8

ATTACKERKB
added 2026/04/02 5:00 p.m. | 1 view

CVE-2026-5360

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

CVSS 6.3 | AI score 5.2 | EPSS 0.00427
Exploits: 0 | References: 8

RedhatCVE
added 2026/04/02 4:56 p.m. | 3 views

CVE-2026-20174

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

CVSS 4.9 | AI score 6 | EPSS 0.00489
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/02 4:45 p.m. | 5 views

CVE-2026-5355 Trendnet TEW-657BRM setup.cgi vpn_drop os command injection

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVSS 6.5 | AI score 6.3 | EPSS 0.04778
Exploits: 1 | References: 4

Vulnrichment
added 2026/04/02 4:30 p.m. | 3 views

CVE-2026-5354 Trendnet TEW-657BRM setup.cgi vpn_connect os command injection

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVSS 6.5 | AI score 6.4 | EPSS 0.04778
Exploits: 1 | References: 4

Cvelist
added 2026/04/02 4:15 p.m. | 22 views

CVE-2026-5353 Trendnet TEW-657BRM setup.cgi ping_test os command injection

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

CVSS 6.5 | EPSS 0.04778
Exploits: 1 | References: 4

Vulnrichment
added 2026/04/02 4:00 p.m. | 1 view

CVE-2026-5352 Trendnet TEW-657BRM setup.cgi edit os command injection

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

CVSS 6.5 | AI score 6.4 | EPSS 0.04123
Exploits: 1 | References: 4

Cvelist
added 2026/04/02 4:00 p.m. | 24 views

CVE-2026-5352 Trendnet TEW-657BRM setup.cgi edit os command injection

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

CVSS 6.5 | EPSS 0.04123
Exploits: 1 | References: 4

CVE
added 2026/04/02 4:00 p.m. | 16 views

CVE-2026-5352

CVE-2026-5352 affects Trendnet TEW-657BRM firmware 1.00.1. The Edit function in /setup.cgi processes the pcdb_list argument and is vulnerable to os command injection due to improper input handling. Exploitation can be remote, and public disclosures exist. Several connected sources confirm the aff...

CVSS 8.8 | AI score 6.3 | EPSS 0.04123
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/04/02 3:45 p.m. | 1 view

CVE-2026-5351

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function addwpsclient of the file /setup.cgi. This manipulation of the argument wlenroleepin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and coul...

CVSS 6.5 | AI score 6.4 | EPSS 0.04457
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/04/02 3:31 p.m. | 3 views

EUVD-2026-18348

A vulnerability was determined in huimeicloud hmeditor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attac...

CVSS 7.5 | AI score 5.5 | EPSS 0.00278
Exploits: 0 | References: 5