8.8
CVE-2019-25442 - Web Wiz Forums 12.01 SQL Injection via PF Parameter
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
5.1
CVE-2026-2946 - rymcu forest Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site sโฆ
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting. โฆ
5.3
CVE-2026-2945 - JeecgBoot uploadImgByHttp server-side request forgery
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has been โฆ
6.9
CVE-2026-2944 - Tosei Online Store Management System ใใใๅบ่็ฎก็ใทในใใ HTTP POST Request monitor.php system os command inโฆ
A security flaw has been discovered in Tosei Online Store Management System ใใใๅบ่็ฎก็ใทในใใ 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack may โฆ
5.3
CVE-2026-2943 - SapneshNaik Student Management System index.php cross site scripting
A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit is โฆ
6.9
CVE-2026-2940 - Zaher1307 tiny_web_server URL tiny.c out-of-bounds write
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remโฆ
4.8
CVE-2026-2939 - itsourcecode Student Management System Add Student add_student cross site scripting
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been maโฆ
6.9
CVE-2026-2938 - SourceCodester Student Result Management System update_smtp.php access control
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit hasโฆ
5.3
CVE-2026-2385 - The Plus Addons for Elementor โ Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerโฆ
The The Plus Addons for Elementor โ Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-contโฆ
8.6
CVE-2026-2935 - UTT HiPER 810G ConfigExceptMSN strcpy buffer overflow
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to tโฆ