CVE-2026-10226

CVE-2026-10226 affects the project raisulislamg4 student_management_system_by_php (file delete.php). The issue is a SQL injection that can be triggered by manipulating arguments such as user_id, course_id, teacher_id, student_id, or application_id. The vulnerability is exploitable remotely and ex...

CVE-2026-42337 MaxKB: Broken Access Control in MaxKB OSS URL Fetch API

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

CVE-2026-40127 Authorization Bypass Through User-Controlled Key in OutSystems Lifetime

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

OutSystems Lifetime 安全漏洞

OutSystems Lifetime is a low-code platform management control center from OutSystems USA. A security vulnerability exists in OutSystems Lifetime versions prior to 11.28.2.3955, which stems from the presence of the ApplicationID parameter to bypass authorization via a user control key, which could...

EUVD-2026-21605

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

PT-2026-32044

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Management API when an authenticated user with a valid low-privilege token specifies a different tenant's projectid, grantid, or appid. An attacker can access sensitive...

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...

CVE-2019-25501

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...

PT-2026-22956

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app id parameter. Attackers can send POST requests to delete application ajax.php with crafted payloads to extract sensitive data, bypass...

Simplejobscript SQL注入漏洞

Simplejobscript is a free web development software open source by Niteosoft. Simplejobscript has a SQL injection vulnerability. This vulnerability stems from the appid parameter, which allows for SQL injections. It could enable attackers to manipulate database queries, extract sensitive data,...

CVE-2025-13950

CVE-2025-13950 affects the OneSignal – Web Push Notifications WordPress plugin. It allows unauthenticated modification of data (App ID, REST API key, and notification behavior) via POST requests due to a missing capability check in settings handling for all versions up to 3.6.1. The issue is netw...

CVE-2022-28467

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter...

Online Student Admission System SQL注入漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. Online Student Admission v1.0 has a security vulnerability that allows an attacker to perform SQL injection via the txtapplicationID parameter...

APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android. For more information on what this tool can be used for, check out: Android Compiler Fingerprinting Detecting Pirated and Malicious Android Apps...

Accellion FTA Appliance SQL Injection Vulnerability

Accellion FTA devices is a file transfer device from Accellion USA. The device supports file transfer, file sharing, file transfer tracking and reporting, and more. An SQL injection vulnerability exists in seos/courier/communicationp2p.php in Accellion FTA devices versions prior to FTA912180, whi...