CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

9.8CVSS0.00319EPSS

Exploits1References1

NVD•added 2026/04/10 3:16 p.m.•1 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

9.8CVSS0.00319EPSS

Exploits1References1

NVD•added 2026/04/10 3:16 p.m.•1 views

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

9.8CVSS0.00319EPSS

Exploits1References1

IBM Security Bulletins•added 2026/04/10 1:46 p.m.•7 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Hibernate library

Summary Due to use of the Hibernate library, DevOps Test Performance and Rational Performance Tester contain a potential SQL injection vulnerability. CVE-2026-0603 Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could...

8.3CVSS6AI score0.00606EPSS

Exploits1Affected Software1

Patchstack•added 2026/04/10 9:42 a.m.•4 views

WordPress User Registration & Membership plugin <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability

Authenticated Subscriber+ SQL Injection via membershipids vulnerability discovered by WordFence in WordPress Plugin User Registration versions = 5.1.2...

6.5CVSS6AI score0.00306EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/10 9:31 a.m.•4 views

EUVD-2026-21326

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be us...

6.5CVSS6.4AI score0.00266EPSS

Exploits0References6

EUVD•added 2026/04/10 9:31 a.m.•2 views

EUVD-2026-21350

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCHID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00259EPSS

Exploits0References6

EUVD•added 2026/04/10 9:31 a.m.•1 views

EUVD-2026-21352

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5CVSS6.9AI score0.00259EPSS

Exploits0References6

NVD•added 2026/04/10 9:16 a.m.•1 views

CVE-2026-6038

7.5CVSS0.00259EPSS

Exploits0References5

OSV•added 2026/04/10 8:49 a.m.•3 views

BIT-JOOMLA-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

8.8CVSS5.9AI score0.00341EPSS

Exploits0References2

CVE•added 2026/04/10 8:45 a.m.•9 views

CVE-2026-6038

The CVE affects code-projects Vehicle Showroom Management System 1.0. A SQL injection vulnerability exists in /util/RegisterCustomerFunction.php triggered by manipulating BRANCH_ID. The attack can be performed remotely and a public exploit is available.

7.5CVSS6.9AI score0.00259EPSS

Exploits0References5