2 matches found
CVE-2026-14778
The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability is in the Enrollment Management component, specifically the /ajax_enroll.php file, where manipulation of the arguments student_id, schedule_id, or action leads to improper authorization. This all...
CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...