21 matches found
CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals
An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...
CVE-2026-9542 CodeAstro Leave Management System add_staff.php SQL injection
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument emailid can lead to SQL injection. The attack can be launched remotely. The exploit has been made availabl...
CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...
EUVD-2020-27939
Malware in sbrugna...
EUVD-2022-6695
Malicious code in bioql PyPI...
EUVD-2024-54995
Malicious code in bioql PyPI...
CVE-2025-10624
A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and ma...
PHPGurukul User Management System Security Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid of the file /admin/change-emailid.php. An attacker can exploit this...
PHPGurukul User Management System Security Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid of the signup.php file. An attacker can exploit this vulnerability to...
CVE-2025-9011
A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2025-9013 PHPGurukul Online Shopping Portal Project password-recovery.php SQL injection
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclos...
CVE-2025-9011
CVE-2025-9011 affects PHPGurukul Online Shopping Portal Project 2.0. The vulnerability is in the file /shopping/signup.php, where manipulation of the emailid parameter enables a SQL injection. This can be exploited remotely, and the exploit has been disclosed publicly. Multiple connected sources ...
CVE-2025-9011 PHPGurukul Online Shopping Portal Project signup.php SQL injection
A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to SQL injection. The attack may be launched remotely. The exploit has been...
PT-2025-33445 · Phpgurukul · Phpgurukul Online Shopping Portal Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal Project 2.0 Description: A vulnerability exists in PHPGurukul Online Shopping Portal Project 2.0, affecting unknown code within the /shopping/password-recovery.php file. Manipulation of the emailid argument c...
CVE-2024-51103
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters...
PHPGurukul Student Management System Security Vulnerability
PHPGurukul Student Management System is a student management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Student Management System v1, which originates from an SQL injection in the emailid and id parameters in /studentrecordms/password-recovery.php...
CVE-2024-10154
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to SQL injection. The attack may be...
DEBIAN-CVE-2020-6792
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird 68.5...
CVE-2020-6792
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird 68.5...
Design/Logic Flaw
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird 68.5...