Lucene search
+L

282 matches found

OSV
OSV
added 2026/01/29 3:16 p.m.5 views

CVE-2026-1594

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...

9.8CVSS5.7AI score0.00478EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.15 views

PT-2026-5297

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System that allows for remote manipulation of the ID argument in the file /ramonsys/faculty/index.php, leading to a SQL injection. Th...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References10
CVE
CVE
added 2026/01/28 9:2 p.m.20 views

CVE-2026-1535

CVE-2026-1535 affects code-projects Online Music Site 1.0. The vulnerability exists in the file /Administrator/PHP/AdminReply.php, where manipulation of the ID argument leads to an SQL injection. This is remotely exploitable (network vector) and, per connected sources, the exploit has been public...

9.8CVSS5.8AI score0.00416EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5225

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A security issue exists in code-projects Online Music Site 1.0. Manipulation of the ID argument in the file /Administrator/PHP/AdminReply.php can lead to SQL injection. This issue is...

9.8CVSS5.8AI score0.00416EPSS
Exploits1References10
CVE
CVE
added 2026/01/18 1:2 p.m.25 views

CVE-2026-1120

CVE-2026-1120 affects Yonyou KSOA 9.0. The vulnerable element is the HTTP GET Parameter Handler in /worksheet/del_work.jsp; manipulating the ID parameter yields SQL injection. The issue is remotely exploitable and the exploit has been publicly disclosed. Vendors were contacted early but did not r...

9.8CVSS6.6AI score0.00448EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/18 11:15 a.m.6 views

CVE-2026-1118

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

9.8CVSS5.8AI score0.00323EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/17 6:2 p.m.4 views

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/12 12:2 a.m.35 views

CVE-2026-0852 code-projects Online Music Site AdminUpdateUser.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

7.5CVSS0.00326EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/06 1:13 p.m.17 views

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

6.5CVSS7.2AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 1:32 p.m.30 views

CVE-2026-0592

CVE-2026-0592 affects code-projects Online Product Reservation System 1.0, specifically the User Registration Handler’s register_code.php. The vulnerability is a SQL injection caused by manipulating input fields (fname, lname, address, city, province, country, zip, tel_no, email, username) in the...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/01/05 10:2 a.m.23 views

CVE-2026-0585

The CVE-2026-0585 entry concerns code-projects Online Product Reservation System 1.0. It identifies a vulnerability in the GET Parameter Handler, specifically manipulating the transaction_id argument in /order_view.php to trigger SQL injection. The flaw is exploitable remotely and has publicly di...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/04 11:32 p.m.5 views

CVE-2025-15447

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The research...

7.2AI score0.00035EPSS
Exploits0References4
CVE
CVE
added 2026/01/02 1:2 a.m.17 views

CVE-2025-15421

CVE-2025-15421 affects Yonyou KSOA 9.0. The flaw is in the HTTP GET Parameter Handler, specifically the manipulation of the parameter ID in the file /worksheet/agent_worksadd.jsp, leading to SQL injection. The vulnerability is remotely exploitable and the exploit is public. Multiple sources confi...

9.8CVSS7.4AI score0.00384EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/01 7:15 p.m.5 views

CVE-2025-15409

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

9.8CVSS0.0038EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/31 12:2 a.m.12 views

CVE-2025-15210

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationalitynid leads to sql injection. The attack may be launched remotely. Th...

9.8CVSS7.2AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/12/30 10:2 a.m.13 views

CVE-2025-15243

CVE-2025-15243 affects Simple Stock System 1.0 via /market/login.php where manipulating the Username parameter enables SQL injection. Remote exploitation is possible and exploits have been published. Multiple sources describe the vulnerability and its potential impact on confidentiality, integrit...

9.8CVSS7.2AI score0.00412EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/12/29 11:2 p.m.15 views

CVE-2025-15209

CVE-2025-15209 affects code-projects Refugee Food Management System 1.0, specifically the /home/editfood.php handling of the a/b/c/d argument. The issue is a SQL injection caused by manipulating these parameters, with remote exploitation and a publicly available exploit. Multiple connected source...

9.8CVSS6.4AI score0.00309EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/12/29 11:15 a.m.2 views

CVE-2025-15184

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS5.7AI score0.00315EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.13 views

PT-2025-53713

Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A flaw exists in Refugee Food Management System version 1.0 that allows for remote SQL injection. The issue is located in the file /home/addusers.php. Manipulation of the a argument can le...

9.8CVSS7AI score0.00326EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/26 3:22 a.m.13 views

CVE-2025-15075

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /studentp.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the...

9.8CVSS7.1AI score0.00389EPSS
Exploits1References1
Rows per page
Query Builder