6.9
CVE-2026-5326 - SourceCodester Leave Application System User Information index.php authorization
A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. …
8.7
CVE-2026-32145 - Multipart form body parser bypasses body size limits in wisp
Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_body_size and max_files_size limits. When a multipart boundary is not present in a chunk, the parser…
6.3
CVE-2026-5246 - Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization
A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this natu…
6.3
CVE-2026-5245 - Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A …
5.3
CVE-2026-33617 - MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 E…
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no endpoint exposed to use these credentials.
7.5
CVE-2026-33616 - MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
9.1
CVE-2026-33615 - MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
7.5
CVE-2026-33614 - MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.2
CVE-2026-33613 - MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data …
5.3
CVE-2026-29136 - CA Notification HTML Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.