6.9
CVE-2026-7074 - itsourcecode Construction Management System execute1.php sql injection
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public β¦
6.9
CVE-2026-7073 - itsourcecode Construction Management System execute.php sql injection
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
6.9
CVE-2026-7072 - CodePanda Source canteen_management_system login.php sql injection
A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and mayβ¦
6.9
CVE-2026-7071 - CodeAstro Online Job Portal user-cvs file information disclosure
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has bβ¦
6.9
CVE-2026-7070 - code-projects Inventory Management System Login sql injection
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the publiβ¦
5.1
CVE-2026-33566 - Cypher Injection in LogonTracer Permitting Database Modification
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
8.7
CVE-2026-33277 - OS Command Injection in LogonTracer Prior to v2.0.0 Allows Arbitrary Command Execution by Authenticβ¦
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.
8.6
CVE-2026-7069 - D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within tβ¦
0.0
CVE-2026-30346 -
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.
7.5
CVE-2026-30350 -
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.