CVE-2026-9447
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...
SourceCodester Simple POS and Inventory System SQL Injection Vulnerability
SourceCodester Simple POS and Inventory System is an open source simple POS and inventory system from SourceCodester. SourceCodester Simple POS and Inventory System version 1.0 suffers from a SQL injection vulnerability that originates from the manipulation of the parameter Name by an unknown function...
Note Mark: OIDC-registered users authenticated by submitting password "null"
Summary: IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt "null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the IsPasswordMatch function. An attacker can gain unauthorized access to accounts registered through OIDC by submitting the password "null" to the internal login endpoint, which results in a valid session...
EUVD-2026-17555
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...
CVE-2026-32618
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...
CVE-2026-32618
Discourse (open-source discussion platform) has a channel membership inference vulnerability affecting versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, where chat user search could reveal channel membership without authorizat...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform from Discourse. The platform includes features such as community forums, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...
PT-2026-28386
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.6. Description: Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. A flaw exists where any authenticated user can access private memories and files belonging to other...
CVE-2026-33407
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...
CVE-2021-27956
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...
Complaint Management System user-search.php File Cross-Site Scripting Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...
CVE-2024-44655
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php...
CVE-2024-44655
CVE-2024-44655 affects PHPGurukul Complaint Management System 2.0. A stored/reflected XSS in the search parameter of user-search.php enables execution of arbitrary scripts when exploited. Documented impact includes script injection affecting users; CVSS 3.1 base score 6.1 (Medium) with network at...
PT-2025-47189
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0. Description: The PHPGurukul Complaint Management System is affected by a Cross Site Scripting (XSS) issue. This issue occurs through the search parameter in the 'user-search.php' file. Successful...
PHPGurukul Complaint Management System Security Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...