EUVD-2026-21420

Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug...

EUVD-2026-21374

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

EUVD-2026-21370

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

EUVD-2026-21328

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVE-2026-6037 code-projects Vehicle Showroom Management System AddVehicleFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCHID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVE-2026-6036 code-projects Vehicle Showroom Management System VehicleDetailsFunction.php sql injection

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLEID results in sql injection. The attack can be executed remotely. The exploit has be...

CVE-2026-6033

CodeAstro Online Classroom 1.0 is affected by a SQL injection in updatedetailsfromstudent.php, triggered by manipulating the fname parameter (eno=146891650). The vulnerability arises from an unknown function in /updatedetailsfromstudent.php and can be exploited remotely. Public disclosure of the ...

EUVD-2026-21297

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2026-6010 CodeAstro Online Classroom takeassessment2.php sql injection

A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attac...

CVE-2026-6006 code-projects Patient Record Management System edit_hpatient.php sql injection

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

EUVD-2026-21282

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the file /sql/library.sql of the component SQL Database Backup File Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The...

EUVD-2026-21224

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Q1 in the file /OnlineClassroom/takeassessment2.php, which may lead...

PT-2026-31903

Name of the Vulnerable Software and Affected Versions code-projects Vehicle Showroom Management System version 1.0 Description A flaw exists in code-projects Vehicle Showroom Management System 1.0, specifically within the /util/RegisterCustomerFunction.php file. Manipulation of the BRANCH ID...

PT-2026-31930

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

CVE-2026-36235

CVE-2026-36235 describes a SQL injection in the itsourcecode Online Student Enrollment System v1.0, specifically in the scheduleSubList.php file. The vulnerability arises because the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without sanitization or vali...

CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter fname in the file/updatedetailsfromstudent.php, which may lead to S...

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

PT-2026-31929

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $ GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Category parameter in the...