CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

dvwa_web_security_labs

DVWA Web Security Labs Project Description This project c...

EUVD-2026-31666

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

EUVD-2026-31663

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

EUVD-2026-31645

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

EUVD-2026-31614

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

Softneta MedDream PACS Server Premium SQL注入漏洞

Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A SQL injection vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from malicious code injection via email parameters and could lead to execution of...

WordPress plugin eMagicOne Store Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

Joomla! Component eXtroForms SQL注入漏洞

Joomla! Component eXtroForms is an open source Joomla! A SQL injection vulnerability exists in Joomla! Component eXtroForms version 2.1.5, which stems from an SQL injection in the filtertypeid, filterpidid, and filtersearch parameters, which could allow an authenticated attacker to extract...

Genetec Security Center 安全漏洞

Genetec Security Center is a unified security platform from Genetec. Connect your security systems, sensors and data in one interface to streamline your operations. Genetec Security Center has a security vulnerability that stems from being susceptible to SQL injection attacks...

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

PT-2026-43231

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

PT-2026-43038

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

Code-Projects Employee Management System SQL注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2026-41096 - Crash PoC Heap overflow in DnsRawTruncateMe...

CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

AI-Code-Vulnerability-Scanner

AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...