20 matches found

EUVD
added 2026/06/15 1:45 a.m. | 11 views

EUVD-2026-36681

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

CVSS 5.3 | AI score 5 | EPSS 0.00226
Exploits 0 | References 5
Positive Technologies
added 2026/06/15 12:0 a.m. | 9 views

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00226
Exploits 0 | References 6
Positive Technologies
added 2026/06/02 12:0 a.m. | 12 views

PT-2026-45853

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management version 1.0. Description: An issue exists in the Employee View Page component within the '/detailview.php' endpoint. Remote manipulation of the employeeid argument leads to improper control of resource...

CVSS 5.3 | AI score 5.7 | EPSS 0.00242
Exploits 0 | References 10
Github Security Blog
added 2026/05/20 3:46 p.m. | 7 views

phpMyFAQ: IDOR Account Takeover

Summary: An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts (userId=1), without authorization verification. An attacker with a low-privilege admin account can...

CVSS 8.8 | AI score 5.8 | EPSS 0.00303
Exploits 0 | References 2 | Affected Software 2
EUVD
added 2026/04/28 7:0 p.m. | 8 views

EUVD-2026-26148

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

CVSS 6.3 | AI score 4.3 | EPSS 0.00418
Exploits 0 | References 7
RedhatCVE
added 2026/04/25 7:22 a.m. | 2 views

CVE-2026-41277

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...

CVSS 8.8 | AI score 5.5 | EPSS 0.00333
Exploits 1 | References 1
Positive Technologies
added 2026/03/29 12:0 a.m. | 4 views

PT-2026-28743

Name of the Vulnerable Software and Affected Versions: BichitroGan ISP Billing Software version 2025.3.20. Description: A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...

CVSS 5.3 | AI score 5.7 | EPSS 0.00226
Exploits 0 | References 8
Vulnrichment
added 2025/11/09 8:2 a.m. | 2 views

CVE-2025-12918 yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

CVSS 3.1 | AI score 6.1 | EPSS 0.00327
Exploits 1 | References 5
CNNVD
added 2025/11/09 12:0 a.m. | 2 views

Skuul school management system security vulnerability

Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A security vulnerability exists in Skuul school management system version 2.6.5 and earlier, which stems from incorrect manipulation of the parameter invoiceid in the file...

CVSS 5.3 | AI score 4.1 | EPSS 0.00327
Exploits 1 | References 6
Github Security Blog
added 2025/08/21 12:30 a.m. | 6 views

xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

CVSS 5.5 | AI score 5.6 | EPSS 0.00314
Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2025/08/20 11:32 p.m. | 11 views

CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

CVSS 5.5 | EPSS 0.00314
Exploits 1 | References 5
CVE
added 2025/08/20 11:32 p.m. | 27 views

CVE-2025-9264

The CVE-2025-9264 issue affects Xuxueli xxl-job (up to version 3.1.1). It specifically concerns the remove function in /src/main/java/com/xxl/job/admin/controller/JobInfoController.java within the Jobs Handler component. The root cause is manipulation of the ID argument, resulting in improper con...

CVSS 5.5 | AI score 5.6 | EPSS 0.00314
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2025/04/21 12:0 a.m. | 4 views

CodeCanyon RISE Ultimate Project Manager security vulnerability

CodeCanyon RISE Ultimate Project Manager is a project management and CRM software from CodeCanyon USA. A security vulnerability exists in CodeCanyon RISE Ultimate Project Manager version 3.8.2, which stems from an improper resource identifier control in file /index.php/teammembers/saveprofileimag...

CVSS 5.3 | AI score 5 | EPSS 0.00371
Exploits 1 | References 1
BDU FSTEC
added 2025/04/17 12:0 a.m. | 6 views

The vulnerability of the vlan_get_protocol_dgram() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the vlan_get_protocol_dgram() function in the Linux operating system’s kernel is related to improper control of resource identifiers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00257
Exploits 0 | References 16 | Affected Software 5
RedhatCVE
added 2025/02/25 4:24 a.m. | 5 views

CVE-2025-1575

A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimentojpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00411
Exploits 0 | References 1
CVE
added 2025/02/25 2:0 a.m. | 61 views

CVE-2025-1645

CVE-2025-1645 affects Benner Connecta 1.0.5330. The vulnerability involves an unknown functionality at /Usuarios/Usuario/EditarLogado/ where manipulating the Handle argument causes improper control of resource identifiers. The issue can be exploited remotely and is considered critical/medium-risk...

CVSS 6.5 | AI score 7 | EPSS 0.00395
Exploits 0 | References 4
CNNVD
added 2025/01/22 12:0 a.m. | 4 views

CampCodes School Management Software security vulnerability

CampCodes School Management Software is a school management software from CampCodes, Inc. A security vulnerability exists in CampCodes School Management Software version 1.0, which stems from improper control of resource identifiers...

CVSS 3.1 | AI score 4.3 | EPSS 0.00472
Exploits 1 | References 6
BDU FSTEC
added 2024/10/23 12:0 a.m. | 3 views

The vulnerability of the qcom component in the Linux operating system’s kernel allows a hacker to gain unauthorized access to confidential information.

The vulnerability of the qcom component in the Linux operating system’s kernel is related to improper control of resource identifiers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential information within the system...

CVSS 5.5 | AI score 6 | EPSS 0.00282
Exploits 0 | References 21 | Affected Software 3
Vulnrichment
added 2022/10/17 12:0 a.m. | 4 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

CVSS 7.3 | AI score 6.8 | EPSS 0.00895
Exploits 0 | References 3
myhack58
added 2011/03/18 12:0 a.m. | 18 views

Discuz! 2011 All version background get Webshell 0day - vulnerability warning - the black bar safety net

From Discuz! Ancient 6.0 version, the vulnerabilities are present in the extensions, use differently, the following start. A Discuz! 6.0 and Discuz! 7.0 Since you want the background to take the Shell, the file is written to Must-see. /include/cache.func.php ! To turn on, find the calling functio...

AI score 1.2
Exploits 0