5.3
CVE-2026-5660 - itsourcecode Construction Management System Parameter borrowed_equip.php sql injection
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiated remotely. The ex…
5
CVE-2026-5704 - Tar: tar: hidden file injection via crafted archives
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files ont…
5.3
CVE-2026-5659 - pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been m…
6.9
CVE-2026-37980 - Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site script…
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed i…
8.3
CVE-2026-3524 - Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check
Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID: MM…
6.9
CVE-2026-5650 - code-projects Online Application System for Admission oas.sql sensitive information
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The ex…
5.3
CVE-2026-5649 - code-projects Online Application System for Admission Endpoint admsnform.php sql injection
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has bee…
6.9
CVE-2026-5648 - code-projects Simple Laundry System Parameter userfinishregister.php sql injection
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The expl…
4.8
CVE-2026-5647 - code-projects Online Shoe Store Add Product admin_feature.php cross site scripting
A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit i…
6.9
CVE-2026-5646 - code-projects Easy Blog Site login.php sql injection
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed…