5.3
CVE-2026-2111 - JeecgBoot Retrieval-Augmented Generation edit path traversal
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can beβ¦
6.3
CVE-2026-2110 - Tasin1025 SwiftBuy login.php excessive authentication
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitβ¦
5.3
CVE-2026-2109 - jsbroks COCO Annotator Delete Category undo improper authorization
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly β¦
6.9
CVE-2026-2108 - jsbroks COCO Annotator Endpoint long_task denial of service
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utiβ¦
5.3
CVE-2026-2107 - yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handleβ¦
5.3
CVE-2026-2106 - yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the compβ¦
5.3
CVE-2026-2105 - yeqifu warehouse Department Management DeptController.java deleteDept improper authorization
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executβ¦
6.9
CVE-2026-2090 - SourceCodester Online Class Record System search.php sql injection
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been publiβ¦
6.9
CVE-2026-2089 - SourceCodester Online Class Record System controller.php sql injection
A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been mβ¦
6.9
CVE-2026-2088 - PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the pubβ¦