5548 matches found
PT-2026-33690
A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus id leads to sql...
app.cash.backfila:client-misk-hibernate (>=2025.05.13.195510-03b951f <=2026.05.28.162006-546becb), app.cash.backfila:service (>=2025.05.13.195510-03b951f <=2026.05.28.162006-546becb) +1017 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpg-jdk18on MAVEN version =1.71, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =1.0.0, =1.0.0, =1.1, =1.5.0, =0.1.0, =4.0.0, =7.0.0 and more Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...
EUVD-2023-58146
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
PT-2026-33255
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), am.ik.home:uaa-server (>=1.0.0 <=1.9.0) +3237 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf (>=m1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf MAVEN version =m1, =0.5.0, =1.0.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =6.4.7 and more Source cves: CVE-2026-40478 Source advisory: OSV:GHSA-XJW8-8C5C-9R79...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), am.ik.home:uaa-server (>=1.0.0 <=1.9.0) +3237 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf (>=m1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf MAVEN version =m1, =0.5.0, =1.0.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =6.4.7 and more Source cves: CVE-2026-40477 Source advisory: OSV:GHSA-R4V4-5MWR-2FWR...
Linux Distros Unpatched Vulnerability : CVE-2026-40176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...
WordPress Portfolio and Projects plugin <= 1.5.6 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Portfolio and Projects versions = 1.5.6...
Command injection via malicious Perforce repository definition
Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...
CVE-2026-6202 code-projects Easy Blog Site post.php sql injection
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...
CVE-2026-6202 code-projects Easy Blog Site post.php sql injection
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...
CVE-2026-36950
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...
Stored-Cross-Site-Scripting-XSS-in-Donor-Registration-Leading-to-Admin-Session-Hijacking
Stored XSS in BloodBank Managing System — Donor Registration...
CVE-2026-6184
The vulnerability CVE-2026-6184 affects code-projects Simple Content Management System 1.0. A weakness exists in an unknown part of /web/admin/welcome.php where manipulating the argument News Title can result in cross-site scripting. Exploitation can be performed remotely, and public exploits are...
CVE-2026-6183 code-projects Simple Content Management System index.php sql injection
A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...
CVE-2026-6183 code-projects Simple Content Management System index.php sql injection
A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...
CVE-2026-6183
Code-projects Simple Content Management System 1.0 is impacted by a SQL injection in /web/index.php when manipulating the ID parameter. The issue stems from unvalidated input leading to database query manipulation. Remote exploitation is possible and a public exploit is available. No specifics on...
CVE-2026-6182 code-projects Simple Content Management System login.php sql injection
A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is...