Common Vulnerabilities and Exposures (CVE)

CVE-2026-14769

Jul 5, 2026 20:15:07 UTC

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be perfo...

CVE-2026-14768

Jul 5, 2026 20:00:17 UTC

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried ...

CVE-2026-14767

Jul 5, 2026 19:45:07 UTC

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_n...

CVE-2026-14766

Jul 5, 2026 18:30:07 UTC

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipula...

CVE-2026-59510

Jul 5, 2026 17:52:29 UTC

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.get_filepath() function constructed a file path by joining the configured PDF storage direct...

CVE-2024-40582

Jul 5, 2026 17:41:23 UTC

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.

CVE-2024-40583

Jul 5, 2026 17:40:44 UTC

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

CVE-2025-44619

Jul 5, 2026 17:01:58 UTC

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

CVE-2023-39809

Jul 5, 2026 16:48:27 UTC

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.

CVE-2023-39808

Jul 5, 2026 16:44:58 UTC

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR...

CVE-2023-39807

Jul 5, 2026 16:40:27 UTC

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.

CVE-2026-14764

Jul 5, 2026 16:30:07 UTC

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to...

CVE-2021-27821

Jul 5, 2026 16:30:02 UTC

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability.

CVE-2026-36182

Jul 5, 2026 16:17:08 UTC

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.

CVE-2026-36180

Jul 5, 2026 16:17:04 UTC

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack.