WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

CVE-2026-9416 code-projects Employee Management System myprofile.php cross site scripting

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

EUVD-2026-31618

A weakness has been identified in code-projects Employee Management System 1.0. This affects an unknown function of the file /eloginwel.php. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the...

CVE-2026-9415

CVE-2026-9415 affects code-projects Employee Management System 1.0, with a vulnerability in the /eloginwel.php file triggered by manipulating the argument ID to cause cross-site scripting. The issue is exploitable remotely, and public exploits exist according to the provided records. The CVE entr...

CVE-2026-9411

CVE-2026-9411 affects SourceCodester Indian Invoicing System 1.0. The vulnerability is an SQL injection in /Invoicing/IGST_Invoice.php (Invoice Generation Handler) triggered by manipulating arguments such as customer_name or category. Impact is confidentiality/integrity/availability LOW per CVSS ...

PT-2026-43086

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRST NAME results in cross site scripting. The attack can be initiated remotely...

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin has a SQL injection vulnerability that originates from the parameter FIRSTNAME/LastName/EMAIL operation of the function confirmloggedin in the file studenttrans.php, which could lead t...

PT-2026-42990

A weakness has been identified in code-projects Employee Management System 1.0. This affects an unknown function of the file /eloginwel.php. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the...

PT-2026-43216

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

Linux Distros Unpatched Vulnerability : CVE-2026-48832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. CVE-2026-48832 Note that Nessus relies on the presence of the...

KLiK SocialMediaWebsite 代码问题漏洞

KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A code issue vulnerability exists in version 1.0 of KLiK SocialMediaWebsite, which stems from the File Handler component's manipulation of the function uniqid in the file upload.inc.php,...

SB Admin 代码注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin suffers from a code injection vulnerability that stems from manipulation of the parameter FIRSTNAME in the file /student.php, which could lead to a cross-site scripting attack. An...

UBUNTU-CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-9377 SourceCodester SUP Online Shopping productedit.php cross site scripting

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-9377

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-9364

Affected software: projectworlds Online Art Gallery Shop 1.0. Vulnerability: SQL injection in /admin/adminHome.php via the social_linked argument due to unsafe handling. Impact: remote exploitation with potential impact on confidentiality, integrity, and availability. Exploit status: exploit publ...

CVE-2026-9355

CVE-2026-9355 affects SourceCodester Hospitals Patient Records Management System 1.0. The vulnerability is a SQL injection in the function handling /classes/Master.php?f=save_patient_history, triggered by manipulation of the ID argument. This allows remote exploitation and an exploit has been pub...

CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVE-2026-9342

SourceCodester Hospitals Patient Records Management System 1.0 has a remote SQL injection in the file /admin/patients/view_history.php via manipulation of the ID argument. The flaw arises from unsanitized input, enabling a potential attacker to execute arbitrary SQL. Reported impacts include data...