Aggregator

Submit #798475 / VDB-359677

Submit #798474 / VDB-359676

Submit #798473 / VDB-359675

Submit #798472 / VDB-359674

Submit #798471 / VDB-359673

Submit #798470 / VDB-359672

A vulnerability identified as problematic has been detected in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2026-7095. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. This vulnerability appears as CVE-2026-7094. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Submit #800796 / VDB-359671

Submit #800726 / VDB-359670

A vulnerability was found in code-projects Invoice System in Laravel 1.0. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. This vulnerability is reported as CVE-2026-7093. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Invoice System in Laravel 1.0. It has been declared as critical. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. This vulnerability is documented as CVE-2026-7092. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Invoice System in Laravel 1.0. It has been classified as critical. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. This vulnerability is registered as CVE-2026-7091. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #800725 / VDB-359669

Submit #800389 / VDB-359668

Submit #800388 / VDB-359667

Submit #800387 / VDB-359666

A vulnerability has been found in PunBB 1.2.13 and classified as problematic. The affected element is an unknown function of the file include/common.php. This manipulation of the argument Language causes path traversal. This vulnerability is tracked as CVE-2006-5735. The attack is possible to be carried out remotely. Moreover, an exploit is present. The affected component should be upgraded.

A vulnerability was found in PunBB and classified as critical. The impacted element is an unknown function of the file search.php of the component Installation. Such manipulation of the argument array leads to sql injection. This vulnerability is listed as CVE-2006-5736. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Mobilesecure Highwall Endpoint 4.0.2.11045. This affects an unknown part of the file endpoint_edit.cfm of the component Management Interface. Such manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2006-5743. The attack may be launched remotely. There is no exploit available.