5.1
CVE-2026-3721 - 1024-lab/lab1024 SmartAdmin Help Documentation HelpDocAddForm.java cross site scripting
A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes croโฆ
5.1
CVE-2026-3720 - 1024-lab/lab1024 SmartAdmin Notice notice-form-drawer.vue cross site scripting
A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. Impacted is an unknown function of the file smart-admin-web-javascript/src/views/business/oa/notice/components/notice-form-drawer.vue of the component Notice Module. The manipulation results in cross site scripting. The โฆ
6.9
CVE-2026-3719 - Tsinghua Unigroup Electronic Archives System downLoad path traversal
A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit is publiclyโฆ
4.8
CVE-2026-3716 - Wavlink WL-WN579X3-C adm.cgi sub_401AD4 cross site scripting
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the file /cgi-bin/adm.cgi. Executing a manipulation of the argument Hostname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publโฆ
8.7
CVE-2026-3715 - Wavlink WL-WN579X3-C firewall.cgi sub_40139C stack-based overflow
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publโฆ
5.1
CVE-2026-3714 - OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The attaโฆ
4.8
CVE-2026-3713 - pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execuโฆ
5.1
CVE-2026-3711 - code-projects Simple Flight Ticket Booking System Adminupdate.php sql injection
A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed reโฆ
5.1
CVE-2026-3710 - code-projects Simple Flight Ticket Booking System Adminadd.php sql injection
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitationโฆ
6.9
CVE-2026-3709 - code-projects Simple Flight Ticket Booking System register.php sql injection
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available โฆ