142 matches found

ATTACKERKB
added yesterday, 2 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

CVSS 6.5, AI score 6.2
Exploits: 0, References: 6

Cvelist
added 4 days ago, 38 views

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

CVSS 6.5, EPSS 0.00036
Exploits: 0, References: 5

UbuntuCve
added 4 days ago, 4 views

CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

CVSS 5.3, AI score 5.5, EPSS 0.00026
Exploits: 0, References: 6

Positive Technologies
added 4 days ago, 10 views

PT-2026-45425

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been mad...

CVSS 7.5, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 7

Vulnrichment
added 5 days ago, 6 views

CVE-2026-10168 OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

CVSS 6.5, AI score 6.3, EPSS 0.00041
Exploits: 0, References: 4

Positive Technologies
added 2026/05/26 12:00 a.m., 5 views

PT-2026-43427

Name of the Vulnerable Software and Affected Versions: SourceCodester eDoc Doctor Appointment System version 1.0. Description: An issue exists in the '/admin/delete-session.php' endpoint where manipulation of the ID argument leads to missing authorization. This allows for remote exploitation of the...

CVSS 6.9, AI score 6.5, EPSS 0.00059
Exploits: 0, References: 8

NVD
added 2026/05/25 4:16 a.m., 10 views

CVE-2026-9419

A vulnerability has been found in code-projects Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3, EPSS 0.00035
Exploits: 0, References: 5

CNNVD
added 2026/05/25 12:00 a.m., 5 views

Student Management System Security Vulnerability

Student Management System is a student management system by the individual developer krishanmurariji. A security vulnerability exists in StudentManagementSystem, which stems from the manipulation of the parameter ID by an unknown function in the file courseDel.php, which could lead to improper...

CVSS 5.5, AI score 5.9, EPSS 0.00049
Exploits: 0, References: 6

ATTACKERKB
added 2026/05/12 10:39 p.m., 5 views

CVE-2026-44341

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

CVSS 5.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:00 a.m., 9 views

PT-2026-40462

Name of the Vulnerable Software and Affected Versions: GoJobs, affected versions not specified. Description: GoJobs is a REST API for a Job Board platform. The application contains a job retrieval endpoint that lacks proper authentication and authorization checks. This allows unauthenticated users to...

CVSS 5.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 4

Vulnrichment
added 2026/05/06 1:45 p.m., 5 views

CVE-2026-8027 FlowiseAI Flowise User Controller authorization

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVSS 5.3, AI score 5.6, EPSS 0.00033
Exploits: 1, References: 4

RedhatCVE
added 2026/05/04 8:21 p.m., 1 view

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVSS 7.5, AI score 6.9, EPSS 0.00043
Exploits: 0, References: 1

Vulnrichment
added 2026/05/04 7:00 a.m., 2 views

CVE-2026-7742 CodeAstro Online Classroom facultylogin sql injection

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

CVSS 6.5, AI score 6.5, EPSS 0.00011
Exploits: 0, References: 5

CVE
added 2026/05/03 5:00 a.m., 11 views

CVE-2026-7681

The CVE-2026-7681 entry concerns jsbroks COCO Annotator (up to version 0.11.1). The vulnerability affects the Dataset API’s datasets.py (backend/webserver/api/datasets.py) where manipulation of the DatasetId argument bypasses authorization. Impact is described as potential remote exploitation wit...

CVSS 6.9, AI score 6.2, EPSS 0.00017
Exploits: 0, References: 4

Cvelist
added 2026/04/28 11:44 a.m., 25 views

CVE-2026-5781 Multiple vulnerabilities in MphRx's Minerva

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

CVSS 8.5, EPSS 0.0005
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/28 11:44 a.m., 3 views

CVE-2026-5781

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

CVSS 8.5, AI score 5.3, EPSS 0.0005
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/04/27 10:45 p.m., 24 views

CVE-2026-7194 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 7.5, EPSS 0.00043
Exploits: 0, References: 5

EUVD
added 2026/04/27 6:00 a.m., 1 view

EUVD-2026-25782

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

CVSS 6.5, AI score 6.1, EPSS 0.00046
Exploits: 0, References: 5

ATTACKERKB
added 2026/04/27 5:45 a.m., 1 view

CVE-2026-7092

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

CVSS 6.5, AI score 5.2, EPSS 0.00046
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2026/04/27 5:45 a.m., 0 views

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

CVSS 6.5, AI score 6.1, EPSS 0.00046
Exploits: 0, References: 5