5.3
CVE-2026-3795 - doramart DoraCMS v1.js createFileBypath path traversal
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may b…
6.9
CVE-2026-3794 - doramart DoraCMS Email API send improper authentication
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and migh…
5.3
CVE-2026-3793 - SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remote…
5.3
CVE-2026-3792 - SourceCodester Sales and Inventory System GET Parameter purchase_invoice.php sql injection
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed remotely. The exploi…
5.3
CVE-2026-3791 - SourceCodester Sales and Inventory System Search dashboard.php sql injection
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack can be carried out remote…
5.3
CVE-2026-3790 - SourceCodester Sales and Inventory System POST Parameter check_supplier_details.php sql injection
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The atta…
5.3
CVE-2026-3789 - Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request fo…
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl result…
5.3
CVE-2026-3788 - Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side …
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of the …
7.3
CVE-2026-3787 - UltraVNC Windows Service cryptbase.dll uncontrolled search path
A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. T…
5.3
CVE-2026-3786 - EasyCMS Request Parameter RbacuserAction.class.php sql injection
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched remotely. The exploit …