|
591
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unres…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7133
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without para…
New
|
CWE-89
SQL Injection
|
CVE-2026-41462
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
593
|
8.8 |
HIGH
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outs…
New
|
CWE-22
Path Traversal
|
CVE-2026-41463
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive …
New
|
CWE-862
Missing Authorization
|
CVE-2026-41464
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequ…
New
|
CWE-22
Path Traversal
|
CVE-2026-41465
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only d…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41466
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41467
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
- |
|
-
|
-
|
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either bec…
New
|
CWE-842
Placement of User into Incorrect Group
|
CVE-2026-6970
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unre…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7134
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a man…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7136
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
