62693 matches found
CVE-2026-14690
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...
CVE-2026-14690
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...
CVE-2026-14690 SourceCodester Multi-Vendor Online Grocery Management System Users.php save_users improper authorization
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...
EUVD-2026-41712
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...
CVE-2026-14690
Affected product: SourceCodester Multi-Vendor Online Grocery Management System 1.0. Vulnerable component: function save_users in classes/Users.php. Root cause: manipulation leads to improper authorization. Impact described: remote exploitation is possible and the exploit has been made publicly av...
CVE-2026-14688
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...
CVE-2026-14687 666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...
EUVD-2026-41709
A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...
PT-2026-55823
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit exam1.php file where a manipulation of the ID argument can lead to SQL injection, a technique used to interfere with the queries that an...
PT-2026-55821
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description Remote SQL injection is possible due to improper processing of the Bankname variable within the '/pay.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL...
PT-2026-55800
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description A remote SQL injection flaw exists in the /admin/add room.php endpoint. The issue occurs when manipulating the delete image, edit, description, number, price, rooms, or type...
PT-2026-55792
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description An issue exists in the /addprojectsale.php endpoint where the manipulation of the amen variable allows for SQL injection. This allows a remote attacker to interfere with the database...
CVE-2026-14660
A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could...
CVE-2026-14683
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results...
CVE-2026-14656
A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2026-14658 code-projects Assessment Management marking-scheme.php sql injection
A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange results in sql injection. It is possible to launch the attack remotely. The exploit is now public...
CVE-2026-14658
The CVE-2026-14658 issue affects code-projects Assessment Management 1.0, specifically the file /lecturer/marking-scheme.php. The vulnerability is an SQL injection caused by manipulating the parameter smarksrange[]; it enables remote exploitation. Public exploit information is noted in the descri...
CVE-2026-14656
CVE-2026-14656 affects code-projects Assessment Management 1.0, with a vulnerability in an unspecified part of /admin/remove-user.php where manipulating the ID parameter enables cross-site scripting. The issue is exploitable remotely and the exploit has been publicly disclosed. CVSS metrics indic...
CVE-2026-14653
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-14655 code-projects Assessment Management view-users.php cross site scripting
A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit ha...