6.6
CVE-2026-3008 - Vulnerability in Notepad++
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
5.3
CVE-2026-7093 - code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be β¦
5.1
CVE-2026-42371 - uriparser: uriparser: Denial of Service via numeric truncation with oversized URIs
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
5.3
CVE-2026-7092 - code-projects Invoice System in Laravel Profile profile improper authorization
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been discβ¦
5.3
CVE-2026-7091 - code-projects Invoice System in Laravel User Management user improper authorization
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may bβ¦
4.8
CVE-2026-7090 - code-projects Chat System send_message.php cross site scripting
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public aβ¦
5.3
CVE-2026-7089 - code-projects Home Service System Appointment Booking booking.php cross site scripting
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remβ¦
6.9
CVE-2026-7088 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit β¦
6.9
CVE-2026-7087 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been rβ¦
5.3
CVE-2026-7086 - HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The expβ¦