EUVD-2026-31667

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public a...

PT-2026-35499

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update passwd process.php. The manipulation of the argument temp user results in authorization bypass. The attack can be launched remotely. The exploit has been...

PT-2026-35420

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released ...

EUVD-2026-17168

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

EUVD-2026-0002

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public an...

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

PT-2025-49022

Name of the Vulnerable Software and Affected Versions XunRuiCMS versions up to 4.7.1 Description A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...

PT-2025-43883

Name of the Vulnerable Software and Affected Versions projectworlds Expense Management System version 1.0 Description A security flaw exists in projectworlds Expense Management System 1.0. The issue involves cross site scripting and affects an unknown function within the /public/admin/roles/creat...

CVE-2025-11610

A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the...

PT-2025-41608

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/user-payment.php file. Manipulation of th...

PT-2025-38747

Name of the Vulnerable Software and Affected Versions Campcodes Online Beauty Parlor Management System version 1.0 Description A security flaw exists in Campcodes Online Beauty Parlor Management System. The issue involves SQL injection due to the manipulation of the editid argument in the...

CVE-2025-9396

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function GIstrtollinternal of the file strtoll.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be...

PT-2025-34145 · Elunez · Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A security flaw has been discovered in elunez eladmin up to version 2.7. This issue affects an unknown functionality of the file /auth/info. Manipulation of this functionality results in...

CVE-2025-9143 Scada-LTS mailing_lists.shtm cross site scripting

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailinglists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public a...

PT-2025-33638 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.5.1 Description: A security flaw has been discovered in Portabilis i-Diario. The vulnerability affects an unknown functionality of the file /password/email within the Password Recovery Endpoint componen...