CVE-2026-10208

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

CVE-2026-4842 itsourcecode Online Enrollment System Parameter index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...

CVE-2026-3200

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-2176

A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...

CVE-2026-2014

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-1449

A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function PageLoad of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack...

CVE-2023-4182

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file editsell.php. The manipulation of the argument uppid leads to sql injection. It is possible to initiate the attack remotely. The identifier...

CVE-2025-14570

CVE-2025-14570 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the file routes involving the parameter that controls the admin ID (notably /view_admin.php or /view admin.php in variants) where improper handling/manipulation of the admin_id parameter enables S...

CVE-2025-11585 code-projects Project Monitoring System useredit.php sql injection

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

PT-2025-41226

Name of the Vulnerable Software and Affected Versions itsourcecode Student Transcript Processing System version 1.0 Description A weakness exists in itsourcecode Student Transcript Processing System 1.0. The issue involves the potential for SQL injection through manipulation of the uname argument...

EUVD-2025-27178

Malicious code in bioql PyPI...

EUVD-2025-24025

Malicious code in bioql PyPI...

EUVD-2025-25014

Malicious code in bioql PyPI...

EUVD-2025-26366

Malicious code in bioql PyPI...

PT-2025-35411

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the user id argument in an unknown function within the /ajax/updateProfile.php file. This allows for remote exploitation...

CVE-2025-9148

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...

PT-2025-33477 · Projectworlds · Travel Management System

Name of the Vulnerable Software and Affected Versions: projectworlds Travel Management System version 1.0 Description: A vulnerability exists in projectworlds Travel Management System 1.0, affecting an unknown functionality within the /addcategory.php file. Manipulation of the t1 argument results...

CVE-2025-8968

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapproveuser.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The explo...

CVE-2023-2669

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/viewcategory of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. I...