24 matches found
PT-2026-32633
CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage pricing.php. https://t.co/MgRy57pmLM...
CVE-2026-37589
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in /storage/admin/maintenance/manage_storage_unit.php. The CVE entry (CVE-2026-37589) is corroborated by multiple sources (NVD, ENISA EUVD, CVE List, AttackersKB, CVE enrichment) indicating a SQL injection fl...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE versions 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...
CVE-2025-6769
An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...
CVE-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...
CVE-2025-6769
GitLab CE/EE (versions 15.1–18.1.5, 18.2–18.2.5, 18.3–18.3.1) is affected by CVE-2025-6769. In affected builds, an authenticated user could view administrator-only maintenance notes by accessing runner details through specific interfaces. The public descriptions indicate the issue enabled exposu...
PT-2025-37293
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 18.1.5; GitLab CE/EE versions 18.2 through 18.2.5; GitLab CE/EE versions 18.3 through 18.3.1. Description: An issue exists in GitLab CE/EE that could allow authenticated users to view administrator-only...
PT-2024-39564 · Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. Description: A critical issue affects the processing of the file /admin/maintenance/manage department.php, where the manipulation of the id argument leads to SQL...
Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. A SQL injection vulnerability exists in SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, which stems from an SQL injection in the id...
PT-2023-17691 · Unknown · Sourcecodester Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. Description: A critical issue has been discovered, affecting an unknown function of the file /admin/maintenance/view designation.php, specifically the component GET...
PT-2023-17739 · Sourcecodester · Sourcecodester Vehicle Service Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Vehicle Service Management System version 1.0. Description: A critical issue affects the processing of the file /admin/maintenance/manage category.php, where the manipulation of the id argument leads to SQL injection. The attack...
Sourcecodester Vehicle Service Management System SQL Injection Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project: a simple web application for automotive repair/service stores or businesses. A SQL injection vulnerability exists in SourceCodester Vehicle Service Management System version 1.0; the vulnerability stems from the path...
Online Computer and Laptop Store Cross-Site Scripting Vulnerability
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Brand...
PT-2023-17364 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0. Description: A critical issue was found in the function delete brand of the file /admin/maintenance/brand.php, where the manipulation of the argument id leads to SQL injection. This...
PT-2022-27363 · Unknown · Online Leave Management System
Name of the Vulnerable Software and Affected Versions: Online Leave Management System version 1.0. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This vulnerability is located in the /leave system/admin/?page=maintenance/department component and allows...
CVE-2022-41377
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /petshop/admin/?page=maintenance/managecategory...
CVE-2022-30399
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/?page=maintenance/managecategory&id=...
Money Transfer Management System SQL Injection Vulnerability
A SQL injection vulnerability exists in Money Transfer Management System version 1.0, a money transfer management system. The vulnerability stems from missing validation of external input SQL statements in the id parameter in admin/maintenance/managebranch.php and admin/maintenance/managefee.php...
SQL injection
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/managebranch.php' and 'admin/maintenance/managefee.php' via the 'id' parameter...