6.9
CVE-2026-7070 - code-projects Inventory Management System Login sql injection
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the publi…
5.1
CVE-2026-33566 - Cypher Injection in LogonTracer Permitting Database Modification
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
8.7
CVE-2026-33277 - OS Command Injection in LogonTracer Prior to v2.0.0 Allows Arbitrary Command Execution by Authentic…
An OS command injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.
8.6
CVE-2026-7069 - D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within t…
0.0
CVE-2026-30346 -
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites by supplying a crafted URL.
7.5
CVE-2026-30350 -
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
6.1
CVE-2026-29971 -
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys versions before 2.32.0 and is fixed in v2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack…
6.2
CVE-2026-35902 - Denial of Service via Persistent Digest Authentication Failure in MERCURY MIPC252W RTSP Service
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication fail…
8.8
CVE-2025-69689 - Local Privilege Escalation via Improper Path Handling in Fan Control Open File Dialog
The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges.
6.5
CVE-2021-36438 -
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php.