5.3
CVE-2026-5547 - Tenda AC10 httpd formAddMacfilterRule os command injection
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.
5.3
CVE-2026-5546 - Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and maβ¦
8.7
CVE-2026-5544 - UTT HiPER 1250GW formRemoteControl stack-based overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit hasβ¦
5.3
CVE-2026-5543 - PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injectiβ¦
A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. Tβ¦
5.3
CVE-2026-5542 - code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting
A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The expβ¦
5.3
CVE-2026-5541 - code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting
A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipulation of the argument userid results in cross site scripting. The attack may be initiated remotely.β¦
6.9
CVE-2026-5540 - code-projects Simple Laundry System Parameter modifymember.php sql injection
A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit hβ¦
6.4
CVE-2026-5590 - net: ip/tcp: Null pointer dereference can be triggered by a race condition
A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced withoutβ¦
5.3
CVE-2026-5539 - code-projects Simple Laundry System Parameter modifymember.php cross site scripting
A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been publisβ¦
5.3
CVE-2026-5538 - QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request foβ¦
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack remβ¦