87021 matches found
PT-2026-32637
CVE-2026-37596 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/manage department.php. https://t.co/mauoyzh46T...
school-management-system security vulnerability
School-Management-System is a school management system developed by Shubham Kumar, an individual developer. This system is designed for schools or small institutions. Version 1.0 of School-Management-System contains a security vulnerability. This vulnerability stems from improper handling of the...
SourceCodester Online Employees Work From Home Attendance System security vulnerability
SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...
PT-2026-32686
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 8.4.0. Description: Improper authorization in the '/api/v1/users/id' endpoint allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users by...
PT-2026-32680
Name of the Vulnerable Software and Affected Versions: Webkul Krayin CRM versions 2.2.x. Description: An authenticated arbitrary file upload flaw exists in the /admin/tinymce/upload endpoint. This issue allows an authenticated attacker to upload a crafted PHP file, such as a web shell, leading to...
PT-2026-32598
Name of the Vulnerable Software and Affected Versions: WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress versions up to 1.2. Description: Stored Cross-Site Scripting occurs via admin settings due to insufficient input sanitization and output escaping. Authenticated...
CVE-2026-38533
An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...
Snipe-IT security vulnerability
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Snipe-IT v8.4.0 contains a security vulnerability. This vulnerability stems from improper authorization in the /api/v1/users/id endpoint, which may allow authenticated attackers with the...
PT-2026-32584
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...
PT-2026-32632
CVE-2026-37591 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view details.php. https://t.co/zFz4555XYZ...
CVE-2026-37594
CVE-2026-37594 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in /wfh_attendance/admin/view_employee.php, caused by unsafe SQL handling in that file. The available data identifies the issue but does not provide exploitation deta...
CVE-2026-37593
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...
PT-2026-32635
CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/view employee.php. https://t.co/ZIn2ZMpKYa...
PT-2026-32678
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 5.0.0 through 5.0.5; FortiSandbox versions 4.4.0 through 4.4.8; FortiSandbox version 4.2; FortiSandbox Cloud version 5.0.4; FortiSandbox PaaS version 5.0.4. Description: An improper limitation of a pathname to a restricted...
SourceCodester Online Employees Work From Home Attendance System security vulnerability
SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...
PT-2026-32652
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...
Microsoft Windows Admin Center cross-site scripting vulnerability
Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to carry out...
PT-2026-32677
Name of the Vulnerable Software and Affected Versions: PowerChute Serial Shutdown (affected versions not specified). Description: An uncontrolled resource consumption issue exists where a Web Admin user can cause a denial of service. This occurs when the system is flooded with specially crafted POST...
CVE-2026-37596
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...
PT-2026-32633
CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage pricing.php. https://t.co/MgRy57pmLM...