Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Order System contains an SQL injection vulnerability. This vulnerability arises from the file/food/view-ticket-admin.php being vulnerable...

CVE-2026-26697

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacherview.php?teacherID=...

CVE-2026-26696

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacheredit.php...

EUVD-2026-9189

code-projects Simple Student Alumni System code-projects v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudentedit.php...

CVE-2026-26713

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php...

CVE-2026-26694

code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...

CVE-2026-26695

The CVE-2026-26695 affects code-projects Simple Student Alumni System v1.0. The vulnerability is a SQL Injection in /TracerStudy/recordstudent_edit.php caused by insufficient input validation. This allows an attacker with network access (no authentication required) to manipulate database queries,...

CVE-2026-26696

CVE-2026-26696 affects code-projects Simple Student Alumni System v1.0. The vulnerability is a SQL Injection in the TracerStudy/recordteacher_edit.php (reported as recordteacher edit.php in some sources) due to insufficient input sanitization. Impact is high (C/H/I/H across confidentiality, integ...

CVE-2026-26697

The CVE-2026-26697 issue affects code-projects Simple Student Alumni System v1.0, with SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. The root cause is unsanitized/unchecked input for the teacherID parameter, allowing potentially crafted queries to access confidential data (as i...

GO-2026-4552 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api...

CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While...

CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

EUVD-2026-8749

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module...

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

GHSA-4QGR-4H56-8895 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVE-2026-27116

Vikunja has a reflected HTML injection in the Projects module prior to version 2.0.0: the URL parameter filter is rendered into the DOM without output encoding when clicking “Filter.” Scripts/iframes are blocked, but SVG, links, and formatting tags may render, enabling SVG-based phishing buttons,...

CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

PT-2026-22026

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, has a reflected HTML injection issue in the Projects module. The filter URL parameter is rendered into the DOM without proper output encoding when a...