
98 matches found

RedhatCVE
added 4 days ago | 4 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

CVSS 5.4 | AI score 5.6 | EPSS 0.00033
Exploits: 0 | References: 1

Cvelist
added 2026/05/11 12:0 a.m. | 29 views

CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...

EPSS 0.00029
Exploits: 1 | References: 3

CVE
added 2026/05/11 12:0 a.m. | 8 views

CVE-2026-38569

CVE-2026-38569 affects HireFlow v1.2. The vulnerability is a Cross Site Scripting (XSS) flaw in candidate_detail.html that can be triggered via the Resume or Feedback Comment fields when submitting through POST /candidates/add or POST /feedback/add. The underlying issue is an XSS in the candidate...

CVSS 5.4 | AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 3

ATTACKERKB
added 2026/05/11 12:0 a.m. | 4 views

CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...

AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 4

EUVD
added 2026/04/27 3:10 p.m. | 5 views

EUVD-2026-25867

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...

CVSS 7.1 | AI score 5.3 | EPSS 0.00088
Exploits: 0 | References: 4

NVD
added 2026/04/20 6:16 p.m. | 2 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

CVSS 5.4 | EPSS 0.00033
Exploits: 0 | References: 3

Cvelist
added 2026/04/20 12:0 a.m. | 22 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

EPSS 0.00033
Exploits: 0 | References: 3

EUVD
added 2026/03/27 9:23 p.m. | 0 views

EUVD-2026-16870

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/27 9:23 p.m. | 3 views

CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 1

Cvelist
added 2026/03/27 9:23 p.m. | 17 views

CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

CVSS 6.5 | EPSS 0.00044
Exploits: 1 | References: 1

Circl
added 2026/03/26 3:0 a.m. | 1 views

CVE-2026-27656

creationtimestamp | type | source
---|---|---
2026-03-26 03:00:14+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2026-27656...

CVSS 6.1 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/23 7:25 p.m. | 3 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8 | AI score 5.7 | EPSS 0.00132
Exploits: 0 | References: 1

NVD
added 2026/02/22 2:16 p.m. | 3 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8 | EPSS 0.00132
Exploits: 0 | References: 2

Cvelist
added 2026/02/22 1:34 p.m. | 25 views

CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8 | EPSS 0.00132
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/22 12:0 a.m. | 4 views

PT-2026-21441

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod id parameter. Attackers can send GET requests to product detail.php with malicious prod id values to extract sensitive database...

CVSS 8.8 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 3

NVD
added 2026/02/03 6:16 p.m. | 2 views

CVE-2020-37108

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVSS 7.1 | EPSS 0.00063
Exploits: 0 | References: 4

EUVD
added 2026/02/03 4:52 p.m. | 3 views

EUVD-2020-30986

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVSS 7.1 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 4

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

PhpIX SQL injection vulnerability

PhpIX is a website building system developed by PhpIX Company in Thailand. PhpIX has a SQL injection vulnerability; this vulnerability stems from the id parameter in the productdetail.php file, which allows for SQL injections, potentially enabling remote attackers to manipulate database queries...

CVSS 7.1 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/25 4:54 a.m. | 4 views

CVE-2025-13582

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

CVSS 9.8 | AI score 6.9 | EPSS 0.00028
Exploits: 1 | References: 1

OSV
added 2025/11/24 4:15 a.m. | 0 views

CVE-2025-13582

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

CVSS 9.8 | AI score 5.6 | EPSS 0.00028
Exploits: 1 | References: 5