CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/10 7:30 a.m.•29 views

CVE-2026-6033 CodeAstro Online Classroom updatedetailsfromstudent.php sql injection

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been public...

6.5CVSS0.00036EPSS

ATTACKERKB•added 2026/04/10 6:45 a.m.•2 views

CVE-2026-6030

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be us...

6.5CVSS6.4AI score0.00012EPSS

NVD•added 2026/04/10 4:17 a.m.•0 views

CVE-2026-6006

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.5CVSS0.00036EPSS

ATTACKERKB•added 2026/04/10 2:45 a.m.•2 views

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.00036EPSS

CVE•added 2026/04/10 2:30 a.m.•5 views

CVE-2026-6004

The vulnerability affects code-projects Simple IT Discussion Forum 1.0, specifically the /delete-category.php handler where manipulating the cat_id parameter triggers a SQL injection. The issue stems from unsafely handling input in that function, enabling a remote attacker to interact with the da...

7.5CVSS6.9AI score0.00043EPSS

CVE•added 2026/04/09 3:30 a.m.•3 views

CVE-2026-5838

The CVE concerns PHPGurukul News Portal Project 4.1. A vulnerability exists in unknown code of the file /admin/add-subadmins.php where manipulation of the argument sadminusername leads to SQL injection. The attack may be initiated remotely, and the exploit has been publicly disclosed and may be u...

5.8CVSS5.8AI score0.00039EPSS

ATTACKERKB•added 2026/04/09 3:15 a.m.•1 views

CVE-2026-5837

A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS6.8AI score0.00043EPSS

ATTACKERKB•added 2026/04/09 1:0 a.m.•1 views

CVE-2026-5828

A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

7.5CVSS6.8AI score0.00014EPSS

NVD•added 2026/04/09 12:16 a.m.•2 views

CVE-2026-5814

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS0.00043EPSS

EUVD•added 2026/04/08 11:45 p.m.•1 views

EUVD-2026-20813

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed public...

7.5CVSS5.8AI score0.00014EPSS

CVE•added 2026/04/08 11:0 p.m.•3 views

CVE-2026-5814

CVE-2026-5814 affects PHPGurukul Online Course Registration 3.1. The vulnerability is in the /admin/check_availability.php script, where manipulating the regno parameter leads to SQL injection. Attack vector is NETWORK with LOW attack complexity and no required privileges or user interaction. Rep...

7.5CVSS5.8AI score0.00043EPSS

RedhatCVE•added 2026/04/07 11:1 p.m.•3 views

CVE-2026-5675

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowedtool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.4AI score0.00036EPSS

RedhatCVE•added 2026/04/06 10:59 p.m.•3 views

CVE-2026-5586

A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00014EPSS

NVD•added 2026/04/06 6:16 p.m.•2 views

CVE-2026-5675

6.5CVSS0.00036EPSS

RedhatCVE•added 2026/04/06 5:0 p.m.•3 views

CVE-2026-5563

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

6.5CVSS6.4AI score0.00011EPSS

RedhatCVE•added 2026/04/06 5:0 p.m.•1 views

CVE-2026-5578

A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried...

6.5CVSS6.5AI score0.00012EPSS

RedhatCVE•added 2026/04/06 10:57 a.m.•1 views

CVE-2026-5552

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible...

6.5CVSS6.4AI score0.00012EPSS

RedhatCVE•added 2026/04/06 10:57 a.m.•0 views

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7CVSS6.1AI score0.00009EPSS

Exploits1References1

EUVD•added 2026/04/06 9:31 a.m.•0 views

EUVD-2026-19200

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

7.5CVSS5.8AI score0.0004EPSS