CVE-2026-6375

CVE-2026-6375 affects SpiceJet’s booking API, where unauthenticated users can enumerate PNRs and retrieve passenger names due to missing authorization checks on an endpoint intended for authenticated profile access. The entry notes a predictable PNR identifier pattern enabling systematic enumerat...

CVE-2026-5705

A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the...

EUVD-2026-19559

A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the...

PT-2024-20876 · Code Projects · Code-Projects Cinema Seat Reservation System

Name of the Vulnerable Software and Affected Versions: Code-projects Cinema Seat Reservation System version 1.0 Description: The issue allows SQL Injection via the id parameter at "/Cinema-Reservation/booking.php?id=1". This means an attacker could potentially inject malicious SQL code by...

PT-2022-25853 · Unknown · Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/user/update booking.php" API endpoint. Recommendations:...

PT-2022-26328 · Unknown · Simple Cold Storage Management System

Name of the Vulnerable Software and Affected Versions: Simple Cold Storage Management System version 1.0 Description: The issue is related to SQL injection via the /csms/classes/Master.php?f=delete booking endpoint. This allows for potential manipulation of database queries. Recommendations: For...

PT-2022-25358 · Unknown · Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/update booking.php" API endpoint. Recommendations...

PT-2022-23456 · Unknown · Edoc-Doctor-Appointment-System

Name of the Vulnerable Software and Affected Versions: Edoc-doctor-appointment-system version 1.0.1 Description: A SQL injection issue was found in the Edoc-doctor-appointment-system via the id parameter at the "/patient/booking.php" API endpoint. Recommendations: For Edoc-doctor-appointment-syst...