CVE-2026-5195

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

CVE-2026-5186

The CVE concerns Nothings stb up to 2.30, specifically the Multi-frame GIF File Handler’s stb_image.h function stbi__load_gif_main. A manipulation leads to a double-free, with exploitation requiring local access. Public exploit has been made available. Vendor was contacted early but did not respo...

CVE-2026-5185

A security flaw has been discovered in Nothings stbimage up to 2.30. This affects the function stbigifloadnext of the file stbimage.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been...

EUVD-2026-17329

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

CVE-2026-5182

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

CVE-2026-5182

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

CVE-2026-5182

CVE-2026-5182 affects SourceCodester Teacher Record System 1.0, specifically the Parameter Handler component. A vulnerability exists when manipulating the argument searchteacher, leading to a SQL injection. Attacks can be initiated remotely, and the exploit has been made public. The connected CVE...

CVE-2026-5102

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

EUVD-2026-17249

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

PT-2026-29349

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description The delete mode handler in mylist function.php does not validate a CSRF token before permanently deleting list configurations. An attacker can exploit this by luring an authenticated user to a...

PT-2026-29204

A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...

PT-2026-29199

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...

PT-2026-29203

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi load gif main of the file stb image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public...

PT-2026-29409

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...

PT-2026-29326

Name of the Vulnerable Software and Affected Versions SourceCodester Leave Application System version 1.0 Description A security issue exists in the User Management Handler component of SourceCodester Leave Application System. This issue allows for cross site scripting, potentially enabling remot...

PT-2026-29407

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is...