
41168 matches found

CVE
added 2026/04/02 2:00 p.m., 10 views

CVE-2026-5338

CVE-2026-5338 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s Setting System component, specifically the file system.lua and its function action_set_system_settings. Manipulating the argument lanIp leads to a remote command injection, with exploitation disclosed public...

7.2 CVSS, 5.6 AI score, 0.04353 EPSS
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/04/02 2:00 p.m., 24 views

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

5.8 CVSS, 0.04353 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2026/04/02 2:00 p.m., 1 view

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

5.8 CVSS, 5.6 AI score, 0.04353 EPSS
Exploits: 1, References: 5
ATTACKERKB
added 2026/04/02 1:45 p.m., 3 views

CVE-2026-5334

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

7.5 CVSS, 6.8 AI score, 0.00371 EPSS
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2026/04/02 1:45 p.m., 14 views

CVE-2026-5334

The CVE affects itsourcecode Online Enrollment System 1.0. The vulnerable component is the Parameter Handler, specifically the function/handler for /enrollment/index.php?view=edit&id=3 where the deptid argument is manipulated, leading to SQL injection. This vulnerability can be exploited remotely...

9.8 CVSS, 6.8 AI score, 0.00371 EPSS
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/04/02 1:30 p.m., 20 views

CVE-2026-5333 DefaultFuction Content-Management-System tools.php command injection

A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has been released to t...

7.5 CVSS, 0.02666 EPSS
Exploits: 1, References: 6
NVD
added 2026/04/02 1:16 p.m., 3 views

CVE-2026-5330

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9 CVSS, 0.00314 EPSS
Exploits: 0, References: 4
NVD
added 2026/04/02 1:16 p.m., 5 views

CVE-2026-5328

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

6.5 CVSS, 0.00204 EPSS
Exploits: 0, References: 7
CVE
added 2026/04/02 1:15 p.m., 11 views

CVE-2026-5332

A vulnerability is identified in Xiaopi Panel 1.0.0 affecting the WAF Firewall component, specifically the /demo.php file. The issue arises from manipulation of the param argument, enabling cross-site scripting. Remote exploitation is possible, and an exploit is publicly available. The vendor was...

6.1 CVSS, 4.4 AI score, 0.00194 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/04/02 1:15 p.m., 20 views

CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting

A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available...

5.1 CVSS, 0.00194 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/04/02 1:00 p.m., 3 views

CVE-2026-5331 OpenCart Extension Installer installer.php path traversal

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

5.8 CVSS, 5.5 AI score, 0.00396 EPSS
Exploits: 0, References: 4
CVE
added 2026/04/02 1:00 p.m., 7 views

CVE-2026-5331

CVE-2026-5331 affects OpenCart 4.1.0.3, specifically the Extension Installer Page component and its file installer.php. The vulnerability is a path traversal issue introduced by a manipulated input, with the attack potentially executable remotely. Public disclosure of the exploit is noted, and th...

5.8 CVSS, 5.5 AI score, 0.00396 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/02 1:00 p.m., 8 views

CVE-2026-5331

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

5.8 CVSS, 5.5 AI score, 0.00396 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/04/02 1:00 p.m., 29 views

CVE-2026-5331 OpenCart Extension Installer installer.php path traversal

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

5.8 CVSS, 0.00396 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/04/02 12:45 p.m., 24 views

CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9 CVSS, 0.00314 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/04/02 12:45 p.m., 2 views

CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9 CVSS, 6.3 AI score, 0.00314 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/02 12:45 p.m., 1 view

CVE-2026-5330

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

6.9 CVSS, 6.3 AI score, 0.00314 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/04/02 12:31 p.m., 4 views

EUVD-2026-18202

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

6.5 CVSS, 6.3 AI score, 0.0111 EPSS
Exploits: 0, References: 7
GitHub Security Blog
added 2026/04/02 12:31 p.m., 5 views

fast-filesystem-mcp is vulnerable to command injection through handleGetDiskUsage function

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

6.5 CVSS, 5.6 AI score, 0.0111 EPSS
Exploits: 0, References: 8, Affected Software: 1
Vulnrichment
added 2026/04/02 12:30 p.m., 1 view

CVE-2026-5328 shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

6.5 CVSS, 6.4 AI score, 0.00204 EPSS
Exploits: 0, References: 7