2.3
CVE-2026-4584 - Shenzhen HCC Technology MPOS M6 PLUS Cardholder Data cleartext transmission
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmission of sensitive information. The attack requires access to the local network. The attack requires a β¦
3.7
CVE-2026-4633 - Keycloak: keycloak: user enumeration via differential error messages
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.
2.3
CVE-2026-4583 - Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the local network. The β¦
6.3
CVE-2026-28809 - XXE in esaml SAML library allows local file read and potential SSRF
XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using xmeβ¦
2.3
CVE-2026-4582 - Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacksβ¦
6.9
CVE-2026-4581 - code-projects Simple Laundry System Parameters checklogin.php sql injection
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploitβ¦
6.9
CVE-2026-4580 - code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The explβ¦
10
CVE-2026-3587 - Hidden CLI Function Allows Root Access
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
6.9
CVE-2026-4579 - code-projects Simple Laundry System Parameters viewdetail.php sql injection
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit β¦
4.8
CVE-2026-4578 - code-projects Exam Form Submission update_s3.php cross site scripting
A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publiclyβ¦