7.1
CVE-2026-41465 - ProjeQtor < 12.4.4 Path Traversal via dynamicDialog.php
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequencβ¦
7.1
CVE-2026-41464 - ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access coβ¦
8.7
CVE-2026-41463 - ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences. Aβ¦
9.3
CVE-2026-41462 - ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username fiβ¦
5.1
CVE-2026-7134 - code-projects Online Lot Reservation System edithousepic.php unrestricted upload
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might beβ¦
5.1
CVE-2026-7133 - code-projects Online Lot Reservation System activity.php unrestricted upload
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and maβ¦
6.9
CVE-2026-7132 - code-projects Online Lot Reservation System download.php readfile path traversal
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and couldβ¦
8.2
CVE-2026-40514 - SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possibβ¦
5.3
CVE-2026-6357 - pip self-update functionality can import newly installed modules after wheel installation
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run befβ¦
6.9
CVE-2026-7131 - code-projects Online Lot Reservation System loginuser.php sql injection
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has beβ¦