5.3
CVE-2026-5537 - halex CourseSEL HTTP GET Parameter IndexController.class.php check_sel sql injection
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection. β¦
6.9
CVE-2026-5536 - FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this discloβ¦
5.3
CVE-2026-5535 - FedML-AI FedML MQTT Message FileUtils.java path traversal
A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The eβ¦
6.9
CVE-2026-5534 - itsourcecode Online Enrollment System Parameter index.php sql injection
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. Theβ¦
5.3
CVE-2026-5533 - badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting
A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. β¦
5.3
CVE-2026-5532 - ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os cβ¦
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack mayβ¦
6.9
CVE-2026-5531 - SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext stβ¦
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotelyβ¦
5.3
CVE-2026-5530 - Ollama Model Pull API download.go server-side request forgery
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disβ¦
5.3
CVE-2026-5529 - Dromara lamp-cloud DefUserController pageUser improper authorization
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now puβ¦
5.3
CVE-2026-5528 - MoussaabBadla code-screenshot-mcp HTTP os command injection
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may bβ¦