PT-2026-32356

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view service.php...

PT-2026-32333

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load admin.php...

SourceCodester Basic Library System 安全漏洞

The SourceCodester Basic Library System is an open-source library system developed by SourceCodester. Version 1.0 of the SourceCodester Basic Library System contains a security vulnerability, which stems from an SQL injection vulnerability in the /librarysystem/loadadmin.php file...

CVE-2026-36952

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php (CVE-2026-36952). The connected documents consistently describe the same issue, with no exploit details, affected version beyond v1.0, or remediation steps pr...

Linux Distros Unpatched Vulnerability : CVE-2026-34179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH...

CVE-2026-36938

Summary of CVE-2026-36938 : The Red Hat, ENISA, NVD, and related records all describe a SQL injection vulnerability in Sourcecodester Online Resort Management System v1.0, specifically in the file path /orms/admin/rooms/view_room.php. The vulnerability is consistently reported as SQL injection af...

📄 WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

CVE-2026-36922

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/viewcategory.php...

📄 Pachno 1.0.6 Cross Site Request Forgery

Pachno version 1.0.6 suffers from a cross site request forgery vulnerability. Pachno 1.0.6 Cross-Site Request Forgery Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly known as...

PT-2026-32362

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage repair.php...

PT-2026-32391

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view room.php...

📄 Authentic 8 Insecure Direct Object Reference / Broken Access Control

Authentic 8 has an broken access control that can be leveraged via insecure direct object reference that can lead to PII information disclosure. ================================================================================================================================== | Title : Authentic 8...

CVE-2026-36873

CVE-2026-36873 affects Sourcecodester Basic Library System v1.0. The vulnerability is a SQL Injection in the administrative loader endpoint at /librarysystem/load_admin.php (variants in copies show /librarysystem/load_admin.php). Evidence from Red Hat, ENISA EUVD, CIRCL, CVE lists confirms the sa...

Exploit for CVE-2020-24586

Fracture FragAttacks WiFi Penetration Framework CVE-202...

pantry

▄▄ ▄▄ ▄█▀▀█▄ █▄ █...

EUVD-2019-20139

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

EUVD-2019-20149

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

EUVD-2019-20143

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

GHSA-XXXG-X793-7FQ3 Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...