5.3
CVE-2026-1141 - PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization
A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly availabβ¦
8.7
CVE-2026-1140 - UTT θΏε 520W ConfigExceptAli strcpy buffer overflow
A vulnerability was found in UTT θΏε 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted β¦
8.7
CVE-2026-1139 - UTT θΏε 520W ConfigExceptMSN strcpy buffer overflow
A vulnerability has been found in UTT θΏε 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Thβ¦
8.7
CVE-2026-1138 - UTT θΏε 520W ConfigExceptQQ strcpy buffer overflow
A flaw has been found in UTT θΏε 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early aboutβ¦
8.7
CVE-2026-1137 - UTT θΏε 520W formWebAuthGlobalConfig strcpy buffer overflow
A vulnerability was detected in UTT θΏε 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. Thβ¦
5.1
CVE-2026-1136 - lcg0124 BootDo ContentController save cross site scripting
A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitation β¦
5.3
CVE-2026-1135 - itsourcecode Society Management System activity.php cross site scripting
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the publβ¦
7.5
CVE-2026-0943 - HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereβ¦
HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability.Β Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hb_src.tar.gz in the source tarball, which is affected by CVE-2026-22693.
5.3
CVE-2026-1134 - itsourcecode Society Management System expenses.php cross site scripting
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might beβ¦
6.9
CVE-2026-1133 - Yonyou KSOA HTTP GET Parameter folder.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has bβ¦