CVE-2026-39170

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...

CVE-2026-4544

CVE-2026-4544 affects Wavlink WL-WN578W2 221110. The vulnerability is in the POST Request Handler’s /cgi-bin/login.cgi, where manipulating the argument homepage/hostname/login_page can trigger cross-site scripting. Exploitation is possible remotely, and public exploit activity is indicated. No ve...

CVE-2026-2221 code-projects Online Reviewer System Login index.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...

CVE-2021-2322

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

CVE-2025-15211

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

CVE-2025-15188

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...

Online Banking website using PHP SQL注入漏洞

Online Banking website using PHP is an online banking website by Rashmin Personal Developer. A SQL injection vulnerability exists in Online Banking website using PHP, which stems from incorrect manipulation of the parameter Username in the file /site/dist/authlogin.php, which can lead to SQL...

School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVE-2025-13323

A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public...

EUVD-2025-37471

A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2025-12612

CVE-2025-12612 affects Campcodes School Fees Payment Management System 1.0. The vulnerability stems from improper handling of the parameter in the /ajax.php?action=delete_course path, where manipulation of the ID enables a SQL injection. The issue is exploitable remotely and, per connected source...

📄 Casdoor 2.95.0 Cross Site Request Forgery

Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...

CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to th...

EUVD-2018-20683

Malware in sbrugna...

EUVD-2021-12817

Malware in sbrugna...

EUVD-2020-27410

Malware in sbrugna...

EUVD-2018-9409

Malware in sbrugna...

EUVD-2025-6062

Malicious code in bioql PyPI...

EUVD-2025-25697

Malicious code in bioql PyPI...

CVE-2025-10445

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/ustransac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...