6.9
CVE-2026-3406 - projectworlds Online Art Gallery Shop Registration registration.php sql injection
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotel…
2.3
CVE-2026-3405 - thinkgem JeeSite Connection path traversal
A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitab…
2.3
CVE-2026-3404 - thinkgem JeeSite Endpoint CasOutHandler.java xml external entity reference
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of thi…
4.8
CVE-2026-3403 - PHPGurukul Student Record Management System edit-subject.php cross site scripting
A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The expl…
4.8
CVE-2026-3402 - PHPGurukul Student Record Management System edit-course.php cross site scripting
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The expl…
2.3
CVE-2026-3401 - SourceCodester Web-based Pharmacy Product Management System session expiration
A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitab…
4.2
CVE-2026-3429 - Org.keycloak.services.resources.account: improper access control leading to mfa deletion and accoun…
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MF…
9.8
CVE-2026-26706 - SQL Injection in Pharmacy Point of Sale System v1.0
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.
4.9
CVE-2026-26697 - SQL Injection in Simple Student Alumni System v1.0
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
9.8
CVE-2026-26720 - Remote Code Execution Vulnerability in Twenty CRM's local.driver.ts Module
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.