10 matches found
CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...
CVE-2026-2663 Alixhan xh-admin-backend Database Query query sql injection
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...
PT-2026-20487
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...
CampCodes Advanced Online Examination System SQL Injection Vulnerability
CampCodes Advanced Online Examination System is an advanced online examination system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Advanced Online Examination System version 1.0, which stems from an incorrect manipulation of the parameter Username in the file...
PT-2025-50615
Name of the Vulnerable Software and Affected Versions: Foxit PDF and Editor versions prior to 13.2; Foxit PDF and Editor 2025 versions prior to 2025.2. Description: An issue exists in Foxit PDF and Editor that may lead to information disclosure or memory corruption. This can occur when opening a...
PT-2025-49408
A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add file query.php. The manipulation of the argument per file results in unrestricted upload. The attack may be launched remotely. The exploit has be...
CVE-2025-10822 fuyang_lipengjun platform queryAll SysSmsLogController improper authorization
A vulnerability has been found in fuyanglipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed remotely. The exploit has been disclosed to the public and m...
Weitong Mall Authorization Issue Vulnerability
Weitong Mall is a shopping mall system by fuyanglipengjun, an individual developer. An authorization issue vulnerability exists in Weitong Mall version 1.0, which originates from improper authorization of the BrandController function in the file /brand/queryAll, and could lead to a...
CVE-2023-27733
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/syssqlquery.php...
MyWebSQL Cross-Site Request Forgery Vulnerability
MyWebSQL is a web-based MySQL database management client from Samnan ur Rehman Software Developers. A cross-site request forgery vulnerability exists in MyWebSQL. An attacker can exploit this vulnerability to delete databases with the help of the /?q=wrkfrm&type=databases URI...