5548 matches found
CVE-2026-2619 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...
CVE-2026-2619
GitLab Enterprise Edition (GitLab EE) versions affected: 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3. Affected component: vulnerability flag data in private projects. Root cause: incorrect authorization that could allow an authenticated user with auditor privileges to modify ...
CVE-2026-2619
Removed by vendor...
CVE-2026-5806 code-projects Easy Blog Site update.php cross site scripting
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
CVE-2026-5806 affects code-projects’ Easy Blog Site 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the /posts/update.php function, via manipulation of the postTitle parameter. Impact per documents is limited to non-persistent integrity disruption with no confidentiality or availability...
CVE-2026-5805 code-projects Easy Blog Site contact_us.php sql injection
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...
CVE-2026-5805 code-projects Easy Blog Site contact_us.php sql injection
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...
CVE-2026-5805
Code-projects Easy Blog Site (up to version 1.0) contains a SQL injection in /users/contact_us.php where manipulating the Name parameter can trigger database queries remotely. The vulnerability’s exploitability is network-based with low impact on confidentiality, integrity, and availability, and ...
Code-Projects Easy Blog Site 代码注入漏洞
Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of code-projects Easy Blog Site has a code injection vulnerability, which stems from the handling of the parameter postTitle in the file posts/update.php. This vulnerability may lead to...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions prior to GitLab EE...
GitLab 18.6 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-2619)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an...
PT-2026-31543
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description An issue existed in GitLab EE where an authenticated user with auditor privileges could modify vulnerability flag data in private projects due t...
CVE-2026-5649
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has...
CVE-2026-5665
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...
CVE-2026-5705 code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the...
CVE-2026-5705 code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the...
CVE-2026-5705
The CVE-2026-5705 entry describes a cross-site scripting vulnerability in code-projects Online Hotel Booking 1.0. Affected is an unknown functionality in the Booking Endpoint at /booknow.php, where manipulation of the roomname argument enables XSS. Attacks can be launched remotely and the exploit...
CVE-2026-5672 code-projects Simple IT Discussion Forum Parameter edit-category.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument catid leads to sql injection. It is possible to initiate the...
CVE-2026-5672 code-projects Simple IT Discussion Forum Parameter edit-category.php sql injection
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument catid leads to sql injection. It is possible to initiate the...
CVE-2026-5666 code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...