5.3
CVE-2026-0733 - PHPGurukul Online Course Registration System manage-students.php sql injection
A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit …
5.3
CVE-2026-0732 - D-Link DI-8200G upgrade_filter.asp command injection
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used.
6.9
CVE-2026-0731 - TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference
A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclos…
4.8
CVE-2026-0730 - PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profile_pic can lead to cross site scripting…
5.1
CVE-2026-0729 - code-projects Intern Membership Management System add_activity.php sql injection
A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is …
7.2
CVE-2025-14436 - Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting
The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_connection_id' parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject …
5.6
CVE-2025-14505 - Elliptic Cryptanalysis vulnerability when `k` has leading zeros
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This h…
7.5
CVE-2025-15464 - KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
6.5
CVE-2026-22588 - Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users' address information by modifying …
5.1
CVE-2026-0728 - code-projects Intern Membership Management System delete_admin.php sql injection
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exp…