CVE-2026-36950
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projectsperdepartment.php...
PT-2026-32415
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...
Linux Distros Unpatched Vulnerability : CVE-2026-34178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instanc...
CVE-2026-36950
Sourcecodester Online Thesis Archiving System v1.0 is affected by a SQL injection vulnerability in /otas/projects_per_department.php. The CVE-2026-36950 entry identifies the affected component and the underlying issue is an injectable SQL condition, leading to potential disclosure or manipulation...
bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +307 more potentially affected by CVE-2026-34480 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)
org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34480 Source advisory: OSV:GHSA-3PXV-7CMR-FJR4...
CVE-2026-40103 Vikunja's Scoped API tokens with projects.background permission can delete project backgrounds
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only...
CVE-2026-40103
Summary: Vikunja (open-source self-hosted task manager) had a scoped API token bypass: a token with only the projects.background permission could delete a project background due to a method-confusion in token enforcement. The root cause was in the route permission matching (CanDoAPIRoute) that re...
CVE-2026-35595
CVE-2026-35595 describes a privilege escalation in Vikunja where a user with inherited Write can become Admin on a moved project due to a recursive CTE that recalculates permissions when changing parent_project_id. Before 2.3.0, the CanUpdate check only validated Write on the new parent and did n...
EUVD-2026-21494
Vikunja: Scoped API tokens with projects.background permission can delete project backgrounds...
CVE-2026-6036 code-projects Vehicle Showroom Management System VehicleDetailsFunction.php sql injection
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLEID results in sql injection. The attack can be executed remotely. The exploit has be...
CVE-2026-6035 code-projects Vehicle Showroom Management System ServiceAndSalesReport.php cross site scripting
A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCHID leads to cross site scripting. Remote exploitation of the attack i...
CVE-2026-6034 code-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scripting
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...
CVE-2026-6034
The CVE-2026-6034 entry concerns code-projects Vehicle Showroom Management System 1.0. The vulnerability affects the file /BranchManagement/ProfitAndLossReport.php where manipulating the BRANCH_ID parameter enables cross-site scripting. The description indicates a remote attack is possible and th...
CVE-2026-6032
CVE-2026-6032 affects code-projects Simple Laundry System 1.0. The vulnerability is in /checkcheckout.php where manipulating the argument serviceId enables cross-site scripting. Exploitation is remotely possible over NETWORK with low attack complexity and no privileges required; user interaction ...
CVE-2026-6031 code-projects Simple IT Discussion Forum add-category-function.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
CVE-2026-6006 code-projects Patient Record Management System edit_hpatient.php sql injection
A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2026-6006
The vulnerability affects code-projects Patient Record Management System 1.0, specifically the /edit_hpatient.php function where manipulating the ID parameter leads to a SQL injection. The issue is exploitable remotely and is described as a proof-of-concept in the provided details. No explicit re...
CVE-2026-6005
CVE-2026-6005 affects code-projects Patient Record Management System 1.0; the vulnerable component is hematology_print.php, where manipulating the hem_id parameter enables SQL injection. Exploitation is possible remotely and an exploit has been published. The provided documents do not include any...
CVE-2026-6004 code-projects Simple IT Discussion Forum delete-category.php sql injection
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...