
2295 matches found

NVD
added 2026/03/20 5:16 a.m. | 6 views

CVE-2026-4471

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...

9.8 CVSS | 0.00386 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/20 5:2 a.m. | 3 views

CVE-2026-4472 itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument SupplierName leads to sql injection. The attack can be initiated remotely. The...

6.5 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/03/20 5:2 a.m. | 25 views

CVE-2026-4472 itsourcecode Online Frozen Foods Ordering System admin_edit_supplier.php sql injection

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument SupplierName leads to sql injection. The attack can be initiated remotely. The...

6.5 CVSS | 0.00315 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/20 4:32 a.m. | 4 views

CVE-2026-4470

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admineditmenu.php. Performing a manipulation of the argument productname results in sql injection. It is possible to initiate the...

5.8 CVSS | 5.7 AI score | 0.00327 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/03/20 12:0 a.m. | 3 views

PT-2026-26537

A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public a...

5.8 CVSS | 5.3 AI score | 0.02479 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/03/18 7:34 a.m. | 4 views

CVE-2026-22322 Stored Cross‑Site Scripting in Link Aggregation Name Handling

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’...

7.1 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/17 12:16 a.m. | 3 views

CVE-2026-4288

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5 CVSS | 0.00254 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/17 12:16 a.m. | 3 views

CVE-2026-4287

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...

7.5 CVSS | 0.00254 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/17 12:3 a.m. | 9 views

CVE-2026-4289

Summary: CVE-2026-4289 affects Tiandy Easy7 Integrated Management Platform (up to v7.17.0). The vulnerability lies in the function at /rest/preSetTemplate/getRecByTemplateId where manipulating the ID parameter leads to a SQL injection. This can potentially be exploited remotely, and the exploit h...

7.5 CVSS | 6.8 AI score | 0.00254 EPSS
Exploits: 0 | References: 4

NVD
added 2026/03/16 2:19 p.m. | 2 views

CVE-2026-32774

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

6.4 CVSS | 0.00277 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/16 11:32 a.m. | 8 views

CVE-2026-4236

The CVE-2026-4236 entry concerns itsourcecode Online Enrollment System 1.0. The vulnerability affects the file /enrollment/index.php?view=add, where manipulating the arguments txtsearch, deptname, or name leads to SQL injection. The issue is exploitable remotely, and the exploit is publicly discl...

7.5 CVSS | 6.9 AI score | 0.00278 EPSS
Exploits: 0 | References: 8

CVE
added 2026/03/16 9:32 a.m. | 12 views

CVE-2026-4232

Tiandy Integrated Management Platform 7.17.0 is affected by a SQL injection in /rest/user/getAuthorityByUserId. The vulnerability is triggered by manipulating the userId argument, with network-level access and no required privileges or user interaction. The exploit is publicly disclosed and the v...

7.5 CVSS | 6.9 AI score | 0.00254 EPSS
Exploits: 0 | References: 4

CVE
added 2026/03/16 7:2 a.m. | 8 views

CVE-2026-4223

The CVE-2026-4223 entry concerns the itsourcecode Payroll Management System 1.0. Affected component: /manage_employee.php. Root cause: manipulation of the ID argument leads to SQL injection. Impact is high (confidentiality, integrity, and availability affected per multiple CVSS vectors), with rem...

9.8 CVSS | 7 AI score | 0.00446 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/03/16 7:2 a.m. | 2 views

CVE-2026-4223

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

7.5 CVSS | 5.8 AI score | 0.00446 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 5 views

PT-2026-25707

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

5.8 CVSS | 5.7 AI score | 0.00202 EPSS
Exploits: 0 | References: 5

CVE
added 2026/03/14 9:44 p.m. | 16 views

CVE-2026-32774

CVE-2026-32774 affects Vulnogram 1.0.0 and describes a stored XSS vulnerability in comment hypertext handling. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims’ browsers. The root cause is stored cross-site scripting in HTML comments; exploitati...

6.4 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/03/12 6:31 a.m. | 6 views

EUVD-2026-11535

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS | 5.5 AI score | 0.00232 EPSS
Exploits: 0 | References: 5

NVD
added 2026/03/12 5:16 a.m. | 2 views

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

9.8 CVSS | 0.00379 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/12 12:0 a.m. | 6 views

PT-2026-24927

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS | 5.5 AI score | 0.00232 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/10 2:8 p.m. | 5 views

CVE-2026-3813

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WFCCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The...

9.8 CVSS | 5.5 AI score | 0.00361 EPSS
Exploits: 1 | References: 1