
8196 matches found

CNNVD
added 2026/04/13 12:0 a.m., 2 views

SourceCodester Online Resort Management System security vulnerability

The SourceCodester Online Resort Management System is an open-source network-based application developed by SourceCodester. It provides online room booking capabilities and can also be used as a simple website for resorts. Version 1.0 of the SourceCodester Online Resort Management System has a...

CVSS 2.7, AI score 5.8, EPSS 0.0019
Exploits: 0, References: 1

CNNVD
added 2026/04/13 12:0 a.m., 2 views

SourceCodester Online Resort Management System security vulnerability

The SourceCodester Online Resort Management System is an open-source network-based application developed by SourceCodester. It provides online room reservations and can also be used as a simple website for resorts. Version 1.0 of the SourceCodester Online Resort Management System has a security...

CVSS 2.7, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 1

CNNVD
added 2026/04/13 12:0 a.m., 3 views

SourceCodester Online Thesis Archiving System security vulnerability

The SourceCodester Online Thesis Archiving System is an open-source online thesis archiving system developed by SourceCodester. Version 1.0 of the SourceCodester Online Thesis Archiving System contains a security vulnerability, which stems from SQL injection in the file...

CVSS 2.7, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 2

Positive Technologies
added 2026/04/13 12:0 a.m., 1 view

PT-2026-32332

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load book.php...

AI score 5.9, EPSS 0.00225
Exploits: 1, References: 2

Cvelist
added 2026/04/13 12:0 a.m., 25 views

CVE-2026-36945

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manageclient.php...

EPSS 0.0019
Exploits: 0, References: 1

Cvelist
added 2026/04/13 12:0 a.m., 20 views

CVE-2026-36943

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/managerepair.php...

EPSS 0.0019
Exploits: 0, References: 1

Positive Technologies
added 2026/04/13 12:0 a.m., 1 view

PT-2026-32512

Apache SkyWalking CVE-2025-54057: Stored XSS https://t.co/U4ZzTJS7iT CVE-2026-34476: SSRF via SW-URL Header in MCP Server https://t.co/zPXOQv1Xff CVE-2026-34884: SSRF via set skywalking url Tool and GraphQL Expression Injection in MCP Server https://t.co/5H4PWKYENG...

CVSS 7.1, AI score 5.8, EPSS 0.00614
Exploits: 0, References: 1

Vulnrichment
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-36873

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadadmin.php...

AI score 5.9, EPSS 0.00225
Exploits: 1, References: 1

Positive Technologies
added 2026/04/13 12:0 a.m., 5 views

PT-2026-32276

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 7.5, AI score 7, EPSS 0.00254
Exploits: 0, References: 6

CVE
added 2026/04/13 12:0 a.m., 4 views

CVE-2026-36948

The connected sources confirm CVE-2026-36948 affects Sourcecodester Online Thesis Archiving System v1.0, with a SQL injection vulnerability in the file /otas/view_archive.php. Public details consistently describe an SQL injection condition but do not provide product versions beyond v1.0, impact s...

CVSS 7.3, AI score 5.8, EPSS 0.00169
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/13 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-9484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain...

CVSS 4.3, AI score 5.9, EPSS 0.00264
Exploits: 0, References: 2

EUVD
added 2026/04/12 3:30 p.m., 4 views

EUVD-2019-20149

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

CVSS 7.1, AI score 6.2, EPSS 0.00276
Exploits: 1, References: 5

GitHub Security Blog
added 2026/04/12 3:30 p.m., 8 views

Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

CVSS 9.1, AI score 6.2, EPSS 0.00311
Exploits: 1, References: 6, Affected Software: 1

EUVD
added 2026/04/12 3:30 p.m., 1 view

EUVD-2018-21768

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVSS 7.1, AI score 5.9, EPSS 0.00194
Exploits: 0, References: 3

NVD
added 2026/04/12 1:16 p.m., 2 views

CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

CVSS 8.1, EPSS 0.00276
Exploits: 1, References: 4

OSV
added 2026/04/10 7:30 p.m., 1 view

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary: The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

AI score 6
Exploits: 0, References: 2

GitHub Security Blog
added 2026/04/10 7:30 p.m., 6 views

@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary: The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

AI score 6
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/10 3:59 p.m., 2 views

CVE-2026-35596 Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, description...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 1, References: 4

CVE
added 2026/04/10 3:59 p.m., 9 views

CVE-2026-35596

CVE-2026-35596 affects Vikunja prior to 2.3.0. The function hasAccessToLabel contains a SQL operator precedence bug in the label-permission query, causing any authenticated user to read any label that has at least one task, regardless of project access. This exposes label titles, descriptions, co...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/04/10 3:33 p.m., 6 views

EUVD-2026-21420

Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 1, References: 4