5.1
CVE-2026-42371 - uriparser: uriparser: Denial of Service via numeric truncation with oversized URIs
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
5.3
CVE-2026-7092 - code-projects Invoice System in Laravel Profile profile improper authorization
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been discβ¦
5.3
CVE-2026-7091 - code-projects Invoice System in Laravel User Management user improper authorization
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may bβ¦
4.8
CVE-2026-7090 - code-projects Chat System send_message.php cross site scripting
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public aβ¦
5.3
CVE-2026-7089 - code-projects Home Service System Appointment Booking booking.php cross site scripting
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remβ¦
6.9
CVE-2026-7088 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit β¦
6.9
CVE-2026-7087 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been rβ¦
5.3
CVE-2026-7086 - HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The expβ¦
2.3
CVE-2026-7085 - HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal
A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the aβ¦
5.3
CVE-2026-7084 - HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery
A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be perfoβ¦