{
"Source": "CVE FEED",
"Title": "CVE-2026-5599 - API allows deletion of users of other instance",
"Content": "CVE ID :CVE-2026-5599
Published : April 5, 2026, 12:36 p.m. | 11 minutes ago
Description :A user with API access and "manage users" permission in any venueless
world is able to trigger deletion of user accounts in other worlds.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5599 - API allows deletion of users of other instance",
"Content": "CVE ID :CVE-2026-5599
Published : April 5, 2026, 12:36 p.m. | 11 minutes ago
Description :A user with API access and "manage users" permission in any venueless
world is able to trigger deletion of user accounts in other worlds.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5563 - AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection",
"Content": "CVE ID :CVE-2026-5563
Published : April 5, 2026, 12:16 p.m. | 31 minutes ago
Description :A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5563 - AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection",
"Content": "CVE ID :CVE-2026-5563
Published : April 5, 2026, 12:16 p.m. | 31 minutes ago
Description :A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5564 - code-projects Simple Laundry System Parameter searchguest.php sql injection",
"Content": "CVE ID :CVE-2026-5564
Published : April 5, 2026, 12:16 p.m. | 31 minutes ago
Description :A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5564 - code-projects Simple Laundry System Parameter searchguest.php sql injection",
"Content": "CVE ID :CVE-2026-5564
Published : April 5, 2026, 12:16 p.m. | 31 minutes ago
Description :A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5566 - UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"Content": "CVE ID :CVE-2026-5566
Published : April 5, 2026, 12:15 p.m. | 32 minutes ago
Description :A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5566 - UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"Content": "CVE ID :CVE-2026-5566
Published : April 5, 2026, 12:15 p.m. | 32 minutes ago
Description :A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5565 - code-projects Simple Laundry System Parameter delmemberinfo.php sql injection",
"Content": "CVE ID :CVE-2026-5565
Published : April 5, 2026, noon | 47 minutes ago
Description :A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5565 - code-projects Simple Laundry System Parameter delmemberinfo.php sql injection",
"Content": "CVE ID :CVE-2026-5565
Published : April 5, 2026, noon | 47 minutes ago
Description :A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5561 - Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection",
"Content": "CVE ID :CVE-2026-5561
Published : April 5, 2026, 11:16 a.m. | 1 hour, 30 minutes ago
Description :A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5561 - Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection",
"Content": "CVE ID :CVE-2026-5561
Published : April 5, 2026, 11:16 a.m. | 1 hour, 30 minutes ago
Description :A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5562 - provectus kafka-ui Endpoint testexecutions validateAccess code injection",
"Content": "CVE ID :CVE-2026-5562
Published : April 5, 2026, 11:16 a.m. | 1 hour, 30 minutes ago
Description :A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5562 - provectus kafka-ui Endpoint testexecutions validateAccess code injection",
"Content": "CVE ID :CVE-2026-5562
Published : April 5, 2026, 11:16 a.m. | 1 hour, 30 minutes ago
Description :A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5573 - Technostrobe HI-LED-WR120-G2 fs unrestricted upload",
"Content": "CVE ID :CVE-2026-5573
Published : April 5, 2026, 2:30 p.m. | 22 minutes ago
Description :A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5573 - Technostrobe HI-LED-WR120-G2 fs unrestricted upload",
"Content": "CVE ID :CVE-2026-5573
Published : April 5, 2026, 2:30 p.m. | 22 minutes ago
Description :A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5572 - Technostrobe HI-LED-WR120-G2 cross-site request forgery",
"Content": "CVE ID :CVE-2026-5572
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5572 - Technostrobe HI-LED-WR120-G2 cross-site request forgery",
"Content": "CVE ID :CVE-2026-5572
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5571 - Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure",
"Content": "CVE ID :CVE-2026-5571
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5571 - Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure",
"Content": "CVE ID :CVE-2026-5571
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5569 - Technostrobe HI-LED-WR120-G2 Endpoint access control",
"Content": "CVE ID :CVE-2026-5569
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5569 - Technostrobe HI-LED-WR120-G2 Endpoint access control",
"Content": "CVE ID :CVE-2026-5569
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5570 - Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication",
"Content": "CVE ID :CVE-2026-5570
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5570 - Technostrobe HI-LED-WR120-G2 LoginCB index_config improper authentication",
"Content": "CVE ID :CVE-2026-5570
Published : April 5, 2026, 2:16 p.m. | 36 minutes ago
Description :A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5567 - Tenda M3 Destination setAdvPolicyData buffer overflow",
"Content": "CVE ID :CVE-2026-5567
Published : April 5, 2026, 1:17 p.m. | 1 hour, 35 minutes ago
Description :A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5567 - Tenda M3 Destination setAdvPolicyData buffer overflow",
"Content": "CVE ID :CVE-2026-5567
Published : April 5, 2026, 1:17 p.m. | 1 hour, 35 minutes ago
Description :A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5568 - Akaunting Invoice/Billing cross site scripting",
"Content": "CVE ID :CVE-2026-5568
Published : April 5, 2026, 1:17 p.m. | 1 hour, 35 minutes ago
Description :A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5568 - Akaunting Invoice/Billing cross site scripting",
"Content": "CVE ID :CVE-2026-5568
Published : April 5, 2026, 1:17 p.m. | 1 hour, 35 minutes ago
Description :A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5583 - PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection",
"Content": "CVE ID :CVE-2026-5583
Published : April 5, 2026, 4:30 p.m. | 25 minutes ago
Description :A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5583 - PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection",
"Content": "CVE ID :CVE-2026-5583
Published : April 5, 2026, 4:30 p.m. | 25 minutes ago
Description :A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5579 - CodeAstro Online Classroom Parameter updatedetailsfromfaculty.php sql injection",
"Content": "CVE ID :CVE-2026-5579
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5579 - CodeAstro Online Classroom Parameter updatedetailsfromfaculty.php sql injection",
"Content": "CVE ID :CVE-2026-5579
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5576 - SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload",
"Content": "CVE ID :CVE-2026-5576
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5576 - SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload",
"Content": "CVE ID :CVE-2026-5576
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5577 - Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection",
"Content": "CVE ID :CVE-2026-5577
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5577 - Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection",
"Content": "CVE ID :CVE-2026-5577
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5578 - CodeAstro Online Classroom Parameter addassessment.php sql injection",
"Content": "CVE ID :CVE-2026-5578
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5578 - CodeAstro Online Classroom Parameter addassessment.php sql injection",
"Content": "CVE ID :CVE-2026-5578
Published : April 5, 2026, 4:16 p.m. | 38 minutes ago
Description :A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5580 - CodeAstro Online Classroom Parameter addvideos.php sql injection",
"Content": "CVE ID :CVE-2026-5580
Published : April 5, 2026, 4:15 p.m. | 40 minutes ago
Description :A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5580 - CodeAstro Online Classroom Parameter addvideos.php sql injection",
"Content": "CVE ID :CVE-2026-5580
Published : April 5, 2026, 4:15 p.m. | 40 minutes ago
Description :A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5575 - SourceCodester/jkev Record Management System Login index.php sql injection",
"Content": "CVE ID :CVE-2026-5575
Published : April 5, 2026, 3:16 p.m. | 1 hour, 38 minutes ago
Description :A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5575 - SourceCodester/jkev Record Management System Login index.php sql injection",
"Content": "CVE ID :CVE-2026-5575
Published : April 5, 2026, 3:16 p.m. | 1 hour, 38 minutes ago
Description :A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹