Aggregator

CVE-2026-5562 | provectus kafka-ui up to 0.7.2 Endpoint testexecutions validateAccess code injection

VulDB Recent Entries
2 months 3 weeks ago
A vulnerability marked as critical has been reported in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. This vulnerability is documented as CVE-2026-5562. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

Help Net Security
2 months 3 weeks ago

Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6,” the company stated in a security advisory published on Saturday. About CVE-2026-35616 On Monday, Defused Cyber … More →

The post FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) appeared first on Help Net Security.

Zeljka Zorz

CVE-2026-5561 | Campcodes Complete POS Management and Inventory System up to 4.0.6 Environment Variable SettingsController.php injection

VulDB Recent Entries
2 months 3 weeks ago
A vulnerability labeled as critical has been found in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. This vulnerability is registered as CVE-2026-5561. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2026-5560 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /payment-method.php paymethod sql injection

VulDB Recent Entries
2 months 3 weeks ago
A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. This vulnerability is cataloged as CVE-2026-5560. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-5559 | AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha AST Validation sandbox.py _is_safe_ast special elements used in a template engine

VulDB Recent Entries
2 months 3 weeks ago
A vulnerability categorized as critical has been discovered in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is listed as CVE-2026-5559. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

Managed ad