5.3
CVE-2026-2169 - D-Link DWR-M921 formLtefotaUpgradeFibocom command injection
A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publicβ¦
5.3
CVE-2026-2168 - D-Link DWR-M921 formLtefotaUpgradeQuectel sub_419920 command injection
A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
5.3
CVE-2026-2167 - Totolink WA300 cstecgi.cgi setAPNetwork os command injection
A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and maβ¦
6.9
CVE-2026-2166 - code-projects Online Reviewer System Login index.php sql injection
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried ouβ¦
6.9
CVE-2026-2165 - detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be exβ¦
6.9
CVE-2026-2164 - detronetdip E-commerce addadhar.php unrestricted upload
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The β¦
5.1
CVE-2026-2163 - D-Link DIR-600 ssdp.cgi command injection
A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launched remotely. The exploit is publicly availaβ¦
5.1
CVE-2026-2162 - itsourcecode News Portal Project aboutus.php sql injection
A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
6.9
CVE-2026-2161 - itsourcecode Directory Management System forget-password.php sql injection
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made pubβ¦
5.3
CVE-2026-2160 - SourceCodester Simple Responsive Tourism Website Master.php cross site scripting
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiateβ¦