CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/12 5:16 a.m.•2 views

CVE-2026-3982

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit h...

5.3CVSS0.00045EPSS

Vulnrichment•added 2026/03/12 4:32 a.m.•1 views

CVE-2026-3982 itsourcecode University Management System view_result.php cross site scripting

5.3CVSS4.2AI score0.00045EPSS

CVE•added 2026/03/12 4:32 a.m.•6 views

CVE-2026-3982

CVE-2026-3982 affects itsourcecode University Management System 1.0. A vulnerability exists in an unknown functionality of the file /view_result.php, where manipulating the vr argument can trigger cross-site scripting. The attack is remotely executable (network access) and the exploit has been pu...

5.3CVSS4.2AI score0.00045EPSS

CVE•added 2026/03/12 4:32 a.m.•6 views

CVE-2026-3981

The CVE-2026-3981 entry concerns itsourcecode Online Doctor Appointment System 1.0. The affected component is an unknown function in /admin/doctor_action.php where manipulating the argument ID triggers a SQL injection. Remote exploitation is possible, and public exploits have been released. Multi...

Cvelist•added 2026/03/12 4:2 a.m.•26 views

CVE-2026-3980 itsourcecode Online Doctor Appointment System patient_action.php sql injection

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

7.5CVSS0.00039EPSS

CVE•added 2026/03/12 4:2 a.m.•5 views

CVE-2026-3980

CVE-2026-3980 affects the itsourcecode Online Doctor Appointment System 1.0. The vulnerability is in the /admin/patient_action.php routine, where manipulating the argument patient_id enables an SQL injection. It can be exploited remotely, and public disclosure is noted; exploitation status varies...

Vulnrichment•added 2026/03/12 4:2 a.m.•0 views

CVE-2026-3980 itsourcecode Online Doctor Appointment System patient_action.php sql injection

7.5CVSS6.9AI score0.00039EPSS

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-24919

🚨 CVE-2026-3980 A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient action.php. Such manipulation of the argument patient id leads to sql injection. The attack may be launched remotely. The exploit has be...

CNNVD•added 2026/03/12 12:0 a.m.•3 views

Exploits1References13

itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “vr” in the...

5.3CVSS5.7AI score0.00045EPSS

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-24920

🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...

CNNVD•added 2026/03/12 12:0 a.m.•3 views

Exploits1References12

itsourcecode Online Doctor Appointment System SQL注入漏洞

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the patientid parameter in the file admin/patientaction.php. This...

9.8CVSS7.2AI score0.00039EPSS

Cvelist•added 2026/03/11 12:32 p.m.•26 views

CVE-2026-3944 itsourcecode University Management System att_add.php sql injection

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

7.5CVSS0.00039EPSS

CVE•added 2026/03/11 12:32 p.m.•4 views

CVE-2026-3944

CVE-2026-3944 affects itsourcecode University Management System 1.0. The vulnerability is in the file /att_add.php where manipulation of the Name parameter enables SQL injection, potentially exploitable remotely. Public disclosure of the exploit is indicated across sources. Connected documents do...

9.8CVSS5.8AI score0.00039EPSS

EUVD•added 2026/03/09 9:30 a.m.•1 views

EUVD-2026-10315

A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manageemployeeallowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been public...

6.1CVSS4.3AI score0.00056EPSS

Exploits1References6

CVE•added 2026/03/09 9:2 a.m.•4 views

CVE-2026-3812

The CVE-2026-3812 entry affects itsourcecode Payroll Management System 1.0. The vulnerable component is an unknown function in /manage_employee_allowances.php where manipulation of the argument ID enables cross-site scripting. Exploitation is described as remote with a publicly disclosed exploit....

6.1CVSS4.3AI score0.00056EPSS

Vulnrichment•added 2026/03/09 9:2 a.m.•0 views

CVE-2026-3812 itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting

5.3CVSS4.3AI score0.00056EPSS

Cvelist•added 2026/03/09 9:2 a.m.•29 views

CVE-2026-3812 itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting

5.3CVSS0.00056EPSS