CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

CVE-2026-44183

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

CVE-2020-37220 Huawei HG630 V2 Router Authentication Bypass via Serial Number

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

CVE-2020-37220 Huawei HG630 V2 Router Authentication Bypass via Serial Number

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

PT-2026-40330

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

EUVD-2024-31033

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

PT-2026-38668

Name of the Vulnerable Software and Affected Versions Prison Management System Using PHP version 1.0 Description An issue exists on the Admin login page where the username parameter is susceptible to SQL injection, a technique that allows an attacker to interfere with the queries that an...

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

Camaleon CMS v2.9.0 - Path Traversal

Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link: https://github.com/owen2345/camaleon-cms/releases/tag/2.9.0 Version: = 2.9.0 Tested on: Linux CVE:...

JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution

Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution Date: 2026-01-10 Exploit Author: Sardor Shoakbarov Author GitHub: https://github.com/TheDeepOpc Vendor Homepage: https://juzaweb.com/ Software Link: https://github.com/juzaweb/ CVE: N/A Pending import requests import argparse...

CVE-2026-7227

SourceCodester Pizzafy Ecommerce System 1.0 contains an SQL injection in the Login function (admin/ajax.php?action=login) via manipulation of the e-mail parameter. Exploitation is possible remotely and the exploit is public, indicating practical risk. The CVE notes CVSS metrics (e.g., up to 7.3–7...

EUVD-2026-25991

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...