CVE Vulnerabilities - 5 April 2026
87 vulnerabilities published on 5 April 2026
Tenda AC10 Routers Can Be Crashed by Malicious Password Changes
CVE-2026-5550
A bug in the Tenda AC10's password change feature on certain routers can be exploited remotely, potentially causing the device to crash. This affects multiple devices. To fix this, update to a newer v...
8.7
Tenda AC10 Router Allows Remote Password Change Manipulation
CVE-2026-5548
A security issue in the Tenda AC10 router's password change feature allows an attacker to potentially hijack the device. The issue affects the password change process, which can be exploited remotely....
8.7
UTT HiPER 1250GW: Remote Code Execution Possible Through Malicious Input
CVE-2026-5544
A security issue in UTT HiPER 1250GW firmware (up to version 3.2.7) could allow an attacker to execute malicious code remotely. This means an attacker could potentially take control of the device with...
7.4
Provectus Kafka-UI: Remote Code Execution via Unauthenticated Access
CVE-2026-5562
A security flaw in Provectus Kafka-UI versions up to 0.7.2 allows an attacker to run malicious code on the system without needing a username or password. This could lead to unauthorized access and dat...
6.9
Concert Ticket Reservation System 1.0 login.php SQL Injection
CVE-2026-5555
The Concert Ticket Reservation System 1.0 has a security weakness in its login feature. If an attacker knows how to manipulate the login email field, they could potentially access sensitive data or ta...
6.9
Concert Ticket Reservation System 1.0: Remote SQL Injection Risk
CVE-2026-5554
A vulnerability in the Concert Ticket Reservation System 1.0 allows attackers to inject malicious code into the system, potentially allowing them to access sensitive information or disrupt the system....
6.9
itsourcecode Free Hotel Reservation System login page vulnerable to email hacking
CVE-2026-5551
The login page of itsourcecode Free Hotel Reservation System 1.0 may be vulnerable to hacking attempts. This could allow an attacker to access sensitive information. Update the software to the latest ...
6.9
Simple Laundry System 1.0: Remote SQL Injection via Manipulated User Input
CVE-2026-5540
A weakness in Simple Laundry System 1.0 allows attackers to manipulate user data, potentially accessing sensitive information. This could happen if an attacker sends malicious input to the system. To ...
6.9
FedML-AI FedML gRPC Server Allows Remote Code Execution
CVE-2026-5536
FedML-AI FedML versions 0.8.9 and below have a security risk where a remote attacker could potentially execute malicious code on the server. This is a serious issue because it could allow an attacker ...
6.9
itsourcecode Online Enrollment System: SQL Injection Risk Through Malicious User ID
CVE-2026-5534
The itsourcecode Online Enrollment System has a security flaw that allows an attacker to manipulate user data through a maliciously crafted user ID. This could lead to unauthorized access to sensitive...
6.9
Apache HTTP Server can crash when handling SYN packets
CVE-2026-5590
The Apache HTTP Server may crash if it receives a SYN packet while processing a connection teardown. This can happen when the server is under heavy traffic. To fix this issue, update to the latest ver...
6.4
Campcodes Complete POS Management and Inventory System: Environment Variable Injection
CVE-2026-5561
The Campcodes Complete POS Management and Inventory System is vulnerable to an environment variable injection attack. This means that an attacker could potentially inject malicious data into the syste...
5.3
PHPGurukul Online Shopping Portal: SQL Injection in Payment Processing
CVE-2026-5560
An attacker can inject malicious SQL code into the payment processing system of PHPGurukul Online Shopping Portal, potentially allowing them to access sensitive data or take control of the system. Thi...
5.3
PyBlade Template Engine Allows Remote Hackers to Inject Malicious Code
CVE-2026-5559
A security issue has been found in the template engine of PyBlade, a Python library used for creating web pages. If exploited, hackers could inject malicious code into web pages, potentially leading t...
5.3
PHPGurukul Online Shopping Portal vulnerable to SQL injection
CVE-2026-5558
The PHPGurukul Online Shopping Portal's pending-orders feature has a security flaw that can allow an attacker to manipulate data using SQL injection. This means an attacker could potentially access se...
5.3
Pi-Mono Slack Bot Authentication Bypass Exposed
CVE-2026-5557
A security issue in Pi-Mono Slack Bot up to version 0.58.4 could allow an attacker to bypass authentication and access the bot remotely. This could potentially lead to unauthorized access to sensitive...
5.3
Badlogic pi-mono allows remote code injection
CVE-2026-5556
A bug in pi-mono versions up to 0.58.4 allows attackers to inject malicious code. This means that if you're using an outdated version, an attacker could potentially take control of your system. Update...
5.3
itsourcecode Online Cellphone System 1.0: Unsecured Data Exposure via Remote SQL Injection
CVE-2026-5553
The itsourcecode Online Cellphone System 1.0 has a weakness in its Parameter Handler component. This flaw allows an attacker to inject malicious code and potentially access sensitive data. To protect ...
5.3
PHPGurukul Online Shopping Portal Project 2.1: SQL Injection in sub-category.php
CVE-2026-5552
The PHPGurukul Online Shopping Portal Project 2.1 has a security weakness in its sub-category.php file. This could allow an attacker to access sensitive information in the database. We recommend updat...
5.3
Tenda AC10 Router Allows Remote Code Execution
CVE-2026-5547
A bug in the Tenda AC10 router's configuration tool lets hackers take control of the device. This means they can run any command they want on the router, which could lead to serious security issues. T...
5.3
Campcodes Complete Online Learning Management System allows unauthorized file upload
CVE-2026-5546
A weakness in Campcodes Complete Online Learning Management System 1.0 allows attackers to upload any file without restriction, potentially leading to malicious content being shared on the system. Thi...
5.3
PHPGurukul User Management System: SQL Injection in User Registration
CVE-2026-5543
A bug in the User Registration & Login and User Management System for PHPGurukul allows hackers to potentially access or manipulate sensitive user data. This could happen if an attacker knows the corr...
5.3
QingdaoU OnlineJudge Version 1.6.1 Allows Remote Server Forgery
CVE-2026-5538
If you're using QingdaoU OnlineJudge version 1.6.1, an attacker could potentially trick the system into making unauthorized requests to other servers. This could be a security risk if your users' sens...
5.3
halex CourseSEL Unsecured Data Input in GET Requests
CVE-2026-5537
A security flaw in halex CourseSEL allows attackers to inject malicious SQL code when using a specific parameter in a GET request. This could potentially allow unauthorized access to sensitive data. U...
5.3
ScrapeGraphAI: Malicious Code Injection in GenerateCodeNode
CVE-2026-5532
An attacker can inject malicious code into ScrapeGraphAI's GenerateCodeNode, potentially allowing them to execute arbitrary system commands. This issue affects versions 1.74.0 and earlier. We recommen...
5.3