CVE-2026-42227

The CVE affects n8n (open source workflow automation) prior to versions 1.123.32, 2.17.4, and 2.18.1. An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying a projectId to the public API variables endpoint. The h...

CVE-2026-7716 code-projects Gym Management System In PHP/Windows NT index.php sql injection

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

CVE-2026-7716 code-projects Gym Management System In PHP/Windows NT index.php sql injection

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

CVE-2026-7632 code-projects Online Hospital Management System viewappointment.php sql injection

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2026-7632

The CVE-2026-7632 entry describes a SQL injection in code-projects Online Hospital Management System 1.0, specifically in /viewappointment.php through the delid parameter. The underlying cause is input manipulation that facilitates injection, with remote exploitation possible. Public exploitation...

CVE-2026-7631 code-projects Online Hospital Management System Registration improper authorization

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has be...

Code-Projects Online Hospital Management System 安全漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System contains a security vulnerability. This vulnerability stems from the handling of the parameter...

Code-Projects Online Hospital Management System 注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the/vi...

Code-Projects Gym Management System 注入漏洞

Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a vulnerability related to SQL injection, which arises from incorrect handling of parameters in the file admin/editexercises.php,...

PT-2026-36320

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

CVE-2026-7503

CVE-2026-7503 affects code-projects Plugin 4.1.2cu.5137, specifically the setWiFiMultipleConfig function in /cgi-bin/cstecgi.cgi using /lib/cste_modules/wireless.so. The vulnerability arises from improper handling of the wepkey2 argument, causing a buffer overflow. Impact is high (network access,...

Code-Projects for Plugin 缓冲区错误漏洞

Code-Projects for Plugin is an open-source plugin developed by Code-Projects. Version 4.1.2cu.5137 of Code-Projects for Plugin contains a buffer error vulnerability. This vulnerability stems from the operation of the setWiFiMultipleConfig function in the file /cgi-bin/cstecgi.cgi, specifically...

PT-2026-36163

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-7238 code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

CVE-2026-7238

A vulnerability in code-projects Online Music Site 1.0 affects Administrator/PHP/AdminUpdateAlbum.php where manipulation of the txtimage argument enables unrestricted file upload. This remote exploitation is possible and an exploit has been published. The CVSS metrics indicate a Network attacker ...

CVE-2026-7229

CVE-2026-7229 affects code-projects Coaching Management System 1.0. The vulnerability resides in the POST Handler for the admin reply.php function under /cims/modules/admin/reply.php, where manipulating the complaintreply argument causes SQL injection. Remote execution is possible, and the exploi...

CVE-2026-7222 code-projects Coaching Management System Complaint Form complaint.php cross site scripting

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

com.jayxu:demo (>=0.10.0 <=0.11.0), com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (>=3.0.9 <=3.1.0) +8 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=4.0.1 <=4.0.3)

org.springframework.boot:spring-boot-devtools MAVEN version =4.0.1, =0.10.0, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =2.0.0, =2.1.1 - de.tschuehly:spring-view-component-thymeleaf =0.9.1 - io.stereov.singularity:core =1.10.6 - org.flowable:flowable-app-rest =8.0.0 - se.swedenconnect.bankid:bankid-idp =1.3...

Code-Projects Coaching Management System 跨站脚本漏洞

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System contains a cross-site scripting vulnerability. This vulnerability stems from the Complaint Parameter in the Complaint...