846 matches found
PT-2026-7618
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
GHSA-37CX-329C-33X3 go-git improperly verifies data integrity values for .idx and .pack files
Impact A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...
CVE-2026-25934
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...
CVE-2026-2176
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
CVE-2026-2223 code-projects Online Reviewer System index.php sql injection
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initia...
EUVD-2026-5761
A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be us...
CVE-2026-2189 itsourcecode School Management System index.php sql injection
A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be us...
CVE-2026-2176
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
CVE-2026-2176
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
CVE-2026-2176 code-projects Contact Management System index.py sql injection
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
EUVD-2026-5774
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
CVE-2026-2176
CVE-2026-2176 affects code-projects Contact Management System 1.0. The issue is a SQL injection caused by manipulating the argument selecteditem[0] in the file index.py, with remote execution possible. Multiple connected sources corroborate the vulnerability in index.py and its impact, without pr...
Xcode MCP Server 命令注入漏洞
Xcode MCP Server is an Xcode-compatible context protocol server developed by R. Huijts. Xcode MCP Server has a command injection vulnerability, which stems from incorrect handling of the args parameter in the src/tools/xcode/index.ts file, potentially leading to command injection...
Code-Projects Online Application System for Admission SQL注入漏洞
Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the Code-Projects Online Application System for Admission contains a SQL injection vulnerability. This vulnerability stems from incorrect operations with the...
CVE-2026-2073
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...
CVE-2026-2013
A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used...
EUVD-2026-5680
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-2012
The CVE-2026-2012 vulnerability affects itsourcecode Student Management System 1.0. The flaw is a SQL injection caused by manipulation of the ID argument in /ramonsys/facultyloading/index.php, enabling remote exploitation. Public disclosures exist for the exploit. Remediation guidance across sour...
CVE-2026-2012 itsourcecode Student Management System index.php sql injection
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...