440 matches found
CVE-2026-14764
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...
CVE-2026-14762
A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...
EUVD-2026-41772
A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...
CVE-2026-14756
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...
PT-2026-55804
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Tour Management Page component within the '/admin/add tour.php' endpoint. Remote attackers can perform a SQL injection by manipulating the delete image...
PT-2026-55814
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Event Management Page component within the file /admin/add event.php. Remote manipulation of the fdetails argument allows for SQL injection, a technique...
CVE-2026-12130
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...
CVE-2026-11518
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...
PT-2026-47292
Name of the Vulnerable Software and Affected Versions SourceCodester Inventory System version 1.0 Description Cross site scripting can be triggered remotely via the User Management Page component in the file '/users.php'. The issue occurs through the manipulation of the fullname or username...
SourceCodester Inventory System 跨站脚本漏洞
The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from the handling of parameters fullname and username in the users.php componen...
CVE-2026-6489
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...
CVE-2026-3718
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...
EUVD-2026-33582
A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
EUVD-2021-34788
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...
Zyxel WRE6505 安全漏洞
The Zyxel WRE6505 is a wireless signal extension device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 firmware version 1.00ABDV.3C0 contains a security vulnerability. This vulnerability stems from improper CGI program coding or escaping, which may allow adjacent WLAN attackers to...
CVE-2026-36952
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/managecurriculum.php...
CVE-2026-36943
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/managerepair.php...
EUVD-2026-18326
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the newcertname parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-34803
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the name parameter to /manage/qos/classes/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...