7.3
CVE-2026-5599 - API allows deletion of users of other instance
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.
8.7
CVE-2026-5566 - UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public aβ¦
6.9
CVE-2026-5565 - code-projects Simple Laundry System Parameter delmemberinfo.php sql injection
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launched β¦
6.9
CVE-2026-5564 - code-projects Simple Laundry System Parameter searchguest.php sql injection
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated β¦
5.3
CVE-2026-5563 - AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released tβ¦
6.9
CVE-2026-5562 - provectus kafka-ui Endpoint testexecutions validateAccess code injection
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and miβ¦
5.3
CVE-2026-5561 - Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php β¦
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possiblβ¦
5.3
CVE-2026-5560 - PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the atβ¦
5.3
CVE-2026-5559 - AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template eβ¦
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack maβ¦
5.3
CVE-2026-5558 - PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. β¦