5.3

CVSS4.0

CVE-2026-5624 - ProjectSend upload.php cross-site request forgery

A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. U…

📅 Published: April 6, 2026, 5 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

5.3

CVSS4.0

CVE-2026-5623 - hcengineering Huly Platform Import Endpoint index.ts server-side request forgery

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available …

📅 Published: April 6, 2026, 4:45 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

6.3

CVSS4.0

CVE-2026-5622 - hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVER_SECRET with the input secret causes use o…

📅 Published: April 6, 2026, 4:30 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

4.8

CVSS4.0

CVE-2026-5621 - ChrisChinchilla Vale-MCP HTTP index.ts os command injection

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in os command injection. Attacking locally is a requirement. T…

📅 Published: April 6, 2026, 4:15 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

5.3

CVSS4.0

CVE-2026-5620 - itsourcecode Construction Management System Parameter borrowed_equip_report.php sql injection

A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotely.…

📅 Published: April 6, 2026, 4 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

4.8

CVSS4.0

CVE-2026-5619 - Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access. T…

📅 Published: April 6, 2026, 3:45 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

6.3

CVSS4.0

CVE-2026-5618 - kalcaddle kodbox shareMake/shareCheck server-side request forgery

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack can be carried out remotely. The complexity of…

📅 Published: April 6, 2026, 3:30 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

6.9

CVSS4.0

CVE-2026-5616 - JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to m…

📅 Published: April 6, 2026, 3:15 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

5.3

CVSS4.0

CVE-2026-5615 - givanz Vvvebjs File Upload Endpoint upload.php cross site scripting

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possible.…

📅 Published: April 6, 2026, 3 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

8.7

CVSS4.0

CVE-2026-5614 - Belkin F9K1015 formSetPassword stack-based overflow

A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the pub…

📅 Published: April 6, 2026, 2:45 a.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.

Total results: 343979