CVE Vulnerabilities - 5 April 2026

123 vulnerabilities published on 5 April 2026

PHPGurukul Online Shopping Portal vulnerable to SQL injection
CVE-2026-5558
The PHPGurukul Online Shopping Portal's pending-orders feature has a security flaw that can allow an attacker to manipulate data using SQL injection. This means an attacker could potentially access se...
5.3
Pi-Mono Slack Bot Authentication Bypass Exposed
CVE-2026-5557
A security issue in Pi-Mono Slack Bot up to version 0.58.4 could allow an attacker to bypass authentication and access the bot remotely. This could potentially lead to unauthorized access to sensitive...
5.3
Badlogic pi-mono allows remote code injection
CVE-2026-5556
A bug in pi-mono versions up to 0.58.4 allows attackers to inject malicious code. This means that if you're using an outdated version, an attacker could potentially take control of your system. Update...
5.3
itsourcecode Online Cellphone System 1.0: Unsecured Data Exposure via Remote SQL Injection
CVE-2026-5553
The itsourcecode Online Cellphone System 1.0 has a weakness in its Parameter Handler component. This flaw allows an attacker to inject malicious code and potentially access sensitive data. To protect ...
5.3
PHPGurukul Online Shopping Portal Project 2.1: SQL Injection in sub-category.php
CVE-2026-5552
The PHPGurukul Online Shopping Portal Project 2.1 has a security weakness in its sub-category.php file. This could allow an attacker to access sensitive information in the database. We recommend updat...
5.3
Tenda AC10 Router Allows Remote Code Execution
CVE-2026-5547
A bug in the Tenda AC10 router's configuration tool lets hackers take control of the device. This means they can run any command they want on the router, which could lead to serious security issues. T...
5.3
Campcodes Complete Online Learning Management System allows unauthorized file upload
CVE-2026-5546
A weakness in Campcodes Complete Online Learning Management System 1.0 allows attackers to upload any file without restriction, potentially leading to malicious content being shared on the system. Thi...
5.3
PHPGurukul User Management System: SQL Injection in User Registration
CVE-2026-5543
A bug in the User Registration & Login and User Management System for PHPGurukul allows hackers to potentially access or manipulate sensitive user data. This could happen if an attacker knows the corr...
5.3
QingdaoU OnlineJudge Version 1.6.1 Allows Remote Server Forgery
CVE-2026-5538
If you're using QingdaoU OnlineJudge version 1.6.1, an attacker could potentially trick the system into making unauthorized requests to other servers. This could be a security risk if your users' sens...
5.3
halex CourseSEL Unsecured Data Input in GET Requests
CVE-2026-5537
A security flaw in halex CourseSEL allows attackers to inject malicious SQL code when using a specific parameter in a GET request. This could potentially allow unauthorized access to sensitive data. U...
5.3
ScrapeGraphAI: Malicious Code Injection in GenerateCodeNode
CVE-2026-5532
An attacker can inject malicious code into ScrapeGraphAI's GenerateCodeNode, potentially allowing them to execute arbitrary system commands. This issue affects versions 1.74.0 and earlier. We recommen...
5.3
Ollama Model Pull API May Allow Untrusted File Downloads
CVE-2026-5530
A security issue in Ollama's Model Pull API may allow an attacker to trick the server into downloading a malicious file. This could happen if an attacker can manipulate a request to the server. Ollama...
5.3
MoussaabBadla code-screenshot-mcp Allows Remote Code Execution
CVE-2026-5528
A security issue in MoussaabBadla code-screenshot-mcp (version 0.1.0 and earlier) allows hackers to execute malicious commands on a system remotely. This could lead to unauthorized access and data the...
5.3
Technostrobe HI-LED-WR120-G2: Data Exposure Risk
CVE-2026-5571
A security issue has been found in the Technostrobe HI-LED-WR120-G2 software, which could allow an attacker to access sensitive information remotely. This means that an attacker could potentially get ...
5.5
Tenda AC10 Router: Hardcoded Cryptographic Key Exposed
CVE-2026-5549
A security issue has been found in the Tenda AC10 router's internal key storage. If exploited, an attacker could potentially use this vulnerability to access sensitive information or take control of t...
5.5
SourceCodester Student Result Management System stores login credentials in plain text
CVE-2026-5531
The SourceCodester Student Result Management System version 1.0 stores login credentials in a plain text file, making them accessible to unauthorized users if the system is compromised. This could all...
5.5
Tenda 4G03 Pro Routers Use Hard-Coded Encryption Key
CVE-2026-5527
Some Tenda 4G03 Pro routers have a security weakness that allows an attacker to access sensitive information. This is because the routers use a hard-coded encryption key, which is not changed by the m...
5.5
Technostrobe HI-LED-WR120-G2 can be tricked into doing something it shouldn't
CVE-2026-5572
A security flaw was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Attackers can trick the device into doing something it shouldn't, potentially causing harm. This can happen remotely, and the...
5.3
Simple Laundry System 1.0 Allows Remote Attack via Staff Info Page
CVE-2026-5542
A security flaw in the Simple Laundry System 1.0 can allow hackers to execute malicious code on a website. This can happen if a user manipulates a specific argument on the staff information page. Webs...
5.3
Simple Laundry System 1.0: Cross-Site Scripting via User ID Input
CVE-2026-5541
The Simple Laundry System version 1.0 has a security flaw that allows hackers to inject malicious code into the system if they know a user's ID. This could potentially allow them to access sensitive i...
5.3
Simple Laundry System 1.0: Remote Code Injection via Malicious Input
CVE-2026-5539
The Simple Laundry System 1.0 software has a security flaw that allows an attacker to inject malicious code into the system via a user input field. This could potentially allow an attacker to take con...
5.3
FedML-AI FedML: Unauthorized File Access via Remote Attack
CVE-2026-5535
An attacker can potentially access files outside of the intended path on a FedML-AI FedML system, allowing them to read sensitive data. This is a concern for users who rely on FedML-AI FedML's securit...
5.3
Badlogic Pi-Mono 0.58.4 allows hackers to inject malicious code
CVE-2026-5533
A security flaw in Badlogic Pi-Mono 0.58.4 allows hackers to inject malicious code into a website, potentially stealing data or taking control of user sessions. This means hackers can access your webs...
5.3
Dromara lamp-cloud: Unauthorized Access to User Data
CVE-2026-5529
A weakness in Dromara lamp-cloud versions up to 5.8.1 can allow an attacker to access user information without permission. This can happen remotely, and an exploit is now publicly available. Users sho...
5.3
Akaunting Invoice/Billing Notes Can Cause Remote Code Execution
CVE-2026-5568
A vulnerability in Akaunting's Invoice/Billing component allows attackers to inject malicious code into the system through the 'notes' field. This could allow an attacker to take control of a website....
5.1