41187 matches found
CVE-2026-5209
CVE-2026-5209 affects SourceCodester Leave Application System 1.0; the vulnerability lies in the User Management Handler, enabling cross-site scripting. The attack could be launched remotely and public exploit information is available. No remediation details are provided in the supplied documents.
CVE-2026-5209 SourceCodester Leave Application System User Management cross site scripting
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-5206 code-projects Simple Gym Management System Payment sql injection
A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...
CVE-2026-5205
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...
CVE-2026-5205 chatwoot Webhook API trigger.rb Trigger server-side request forgery
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...
CVE-2026-5205
The CVE-2026-5205 vulnerability affects chatwoot up to version 4.11.2, specifically the Webhooks::Trigger function in lib/webhooks/trigger.rb of the Webhook API. The root cause is manipulation of the argument url, enabling server-side request forgery (SSRF). The issue is exploitable remotely, wit...
CVE-2026-5205
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5204
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...
CVE-2026-5204 Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...
CVE-2026-5204 Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...
CVE-2026-5204
The CVE-2026-5204 entry concerns the Tenda CH22 1.0.0.1 device. Affected is the function formWebTypeLibrary within /goform/webtypelibrary of the Parameter Handler. The input argument webSiteId can be manipulated to trigger a stack-based buffer overflow, exposing the device to remote exploitation....
CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-5203
CMS Made Simple
CVE-2026-33581
OpenClaw before 2026.3.24 contains a sandbox bypass in the message tool that allows reading arbitrary local files via the mediaUrl and fileUrl alias parameters, which bypass localRoots validation. Attack appears to be possible when routing file requests through unvalidated aliases to access files...
EUVD-2026-17399
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...
EUVD-2026-17353
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-5198 code-projects Student Membership System Admin Login index.php sql injection
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...
CVE-2026-5197 code-projects Student Membership System delete_user.php sql injection
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...