Aggregator

Submit #786150 / VDB-355434

Submit #786149 / VDB-355433

Submit #785867 / VDB-355432

Submit #785859 / VDB-355431

Submit #785857 / VDB-355430

A vulnerability labeled as critical has been found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. This vulnerability was named CVE-2026-5641. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. This vulnerability is uniquely identified as CVE-2026-5640. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. This vulnerability is handled as CVE-2026-5639. The attack can be executed remotely. Additionally, an exploit exists.

Submit #785993 / VDB-355429

Submit #785985 / VDB-355428

Submit #785966 / VDB-355427

A vulnerability was found in HerikLyma CPPWebFramework up to 3.1. It has been rated as critical. This issue affects some unknown processing. Performing a manipulation results in path traversal. This vulnerability is known as CVE-2026-5638. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #785952 / VDB-355426

Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]

A vulnerability was found in projectworlds Car Rental System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. This vulnerability is traded as CVE-2026-5637. The attack may be launched remotely. Furthermore, there is an exploit available.

Пять технических слоёв, через которые платформы видят туннель насквозь.

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. It has been classified as critical. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. This vulnerability appears as CVE-2026-5636. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. This vulnerability is reported as CVE-2026-5635. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in projectworlds Car Rental Project 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. This vulnerability is documented as CVE-2026-5634. The attack can be initiated remotely. Additionally, an exploit exists.