5.3
CVE-2026-6032 - code-projects Simple Laundry System checkcheckout.php cross site scripting
A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made puβ¦
6.9
CVE-2026-6031 - code-projects Simple IT Discussion Forum add-category-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publβ¦
5.3
CVE-2026-6030 - itsourcecode Construction Management System del1.php sql injection
A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
9.3
CVE-2026-6029 - Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Theβ¦
9.6
CVE-2026-1115 - Stored XSS in parisneo/lollms
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigneβ¦
9.3
CVE-2026-6028 - Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. β¦
9.3
CVE-2026-6027 - Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remoβ¦
0.0
CVE-2026-4432 - YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR
The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, β¦
0.0
CVE-2025-14545 - YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.
8.4
CVE-2026-28704 -
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.