CVE-2026-10568

A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /managepayment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-10568

CVE-2026-10568 affects itsourcecode Fees Management System 1.0. The vulnerability is an SQL injection in an unknown function of /manage_payment.php triggered by tampering with the ID parameter. Attackable remotely with network access; the exploit is public. Documentation provides CVSS-derived met...

CVE-2026-10568 itsourcecode Fees Management System manage_payment.php sql injection

A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /managepayment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

[SECURITY] Fedora 43 Update: dovecot-2.4.4-1.fc43

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...

EUVD-2026-33828

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

EUVD-2026-33791

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

PT-2026-45819

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.88 Description A security flaw exists in the RemoveXSS function within the '/plus/carbuyaction.php' file. Remote attackers can perform SQL injection, which is a technique used to manipulate a database by inserting malicious...

PT-2026-45852

Name of the Vulnerable Software and Affected Versions code-projects Student Admission System version 1.0 Description A SQL injection flaw exists in the /index.php file. This issue allows a remote attacker to manipulate the eid and did arguments to execute unauthorized database queries...

PT-2026-45845

Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An SQL Injection issue exists in the ARMember Premium plugin for WordPress. The get private content data AJAX action fails to properly sanitize the sSortDir 0 parameter, which is concatenate...

📄 Drupal core 10.5.5 SQL Injection

This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...

PT-2026-45818

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.88 Description A remote SQL injection is possible through the manipulation of the msg argument within the dede htmlspecialchars function located in the '/plus/flink.php' file. Recommendations As a temporary workaround,...

Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerability

Overview A stored cross-site scripting XSS vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shared PostgreSQL...

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

PT-2026-45788

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them using innerHTML. This allows an authenticated Developer with access to a shared PostgreS...

PT-2026-45844

Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escapin...

CVE-2026-10302 itsourcecode Fees Management System manage_fee.php sql injection

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-10302 itsourcecode Fees Management System manage_fee.php sql injection

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-10302

The CVE-2026-10302 entry concerns itsourcecode Fees Management System 1.0. The vulnerability lies in an unknown function within the file /manage_fee.php, where manipulating the ID parameter can lead to SQL injection. This allows remote exploitation, and the exploit has been published. The CVSS me...