CVE-2026-10171

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

PT-2026-29189

A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-1444 iJason-Liu Books_Manager add_book_check.php cross site scripting

A vulnerability has been found in iJason-Liu BooksManager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/bookscenter/addbookcheck.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. T...

CVE-2025-14650

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2025-12201

A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. ...

EUVD-2025-24024

Malicious code in bioql PyPI...

EUVD-2025-25125

Malicious code in bioql PyPI...

CVE-2025-10246

The CVE-2025-10246 entry concerns lokibhardwaj PHP-Code-For-Unlimited-File-Upload. Affected component: the file /f.php, where manipulation of the parameter h enables cross-site scripting. Impact: remote exploitation is possible; exploits have been publicly disclosed. The issue references versions...

CVE-2025-10062

A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed...

PT-2025-36417

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A flaw has been found in Portabilis i-Educar that allows for improper access controls. This issue affects an unknown part of the file /enturmacao-em-lote/. The attack is possible to be...

CVE-2025-9655

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...

CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack...

CVE-2025-8789

A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...

CVE-2025-4739

A vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the file /medicinesinfo.php. The manipulation of the argument MedID leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-3353

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2025-3341

A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservationview.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. Th...

CVE-2025-0346

A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to...

CVE-2024-8416

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack remotel...

CVE-2023-2659

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file viewproduct.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2023-2524

A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2//. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The...