5.3
CVE-2026-5630 - assafelovic gpt-researcher Report API app.py cross site scripting
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publisheβ¦
8.7
CVE-2026-5629 - Belkin F9K1015 formSetFirewall stack-based overflow
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may bβ¦
8.7
CVE-2026-5628 - Belkin F9K1015 Setting formSetSystemSettings stack-based overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the β¦
5.3
CVE-2026-5625 - assafelovic gpt-researcher WebSocket researcher.py cross site scripting
A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may bβ¦
5.3
CVE-2026-5624 - ProjectSend upload.php cross-site request forgery
A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. Uβ¦
5.3
CVE-2026-5623 - hcengineering Huly Platform Import Endpoint index.ts server-side request forgery
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available β¦
6.3
CVE-2026-5622 - hcengineering Huly Platform JWT Token token.ts hard-coded key
A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVER_SECRET with the input secret causes use oβ¦
4.8
CVE-2026-5621 - ChrisChinchilla Vale-MCP HTTP index.ts os command injection
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in os command injection. Attacking locally is a requirement. Tβ¦
5.3
CVE-2026-5620 - itsourcecode Construction Management System Parameter borrowed_equip_report.php sql injection
A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotely.β¦
4.8
CVE-2026-5619 - Braffolk mcp-summarization-functions summarize_command mcp-server.ts os command injection
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access. Tβ¦