12 matches found
CVE-2026-47325
ProjectsAndPrograms school-management-system uses predictable credentials, generating student and teacher passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior...
CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system
ProjectsAndPrograms school-management-system uses predictable credentials, generating student and teacher passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior...
PT-2026-45943
ProjectsAndPrograms school-management-system uses predictable credentials, generating student and teacher passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior...
CVE-2026-41659
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...
Malicious code in comp-base-birthdate (npm)
MAL-2025-6408 Malicious code in comp-base-birthdate (npm)
Malicious code in sap-birthdate (npm)
Source: ossf-package-analysis 8c22fde65593fe72b69b423a1bef3e0af246fed12b8644cd5d69ab128818e82d The OpenSSF Package Analysis project identified 'sap-birthdate' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Design/Logic Flaw
onlinetools in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., date of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference...
Insulet Corporation: DOM XSS on www.omnipod.com/freedom/birthdate-confirmation and www.omnipod.com/pif/thanks-freedom
The DOM-based XSS vulnerability was found on the www.omnipod.com/freedom/birthdate-confirmation and www.omnipod.com/pif/thanks-freedom pages. The vulnerability was triggered by crafting a URL with malicious code in the query parameters, which was then executed by the vulnerable script on the page...
Khan Academy: Weak Birthdate Validation Implemented on Sign Up
The Birthdate field on Khan Academy's Sign Up page for new users has the year range from 2017 to 1897. However, while signing up for a new account, I was able to set the year to 1033 by manipulating the data being sent to the server, and the account was successfully created. I can also...
IBM DB2 Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2067/info IBM DB2 Universal Database is a distributed database application. It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contain...
Traidnt Up 3.0 CSRF Vulnerability
No description provided by source. Title : TRAIDNT UP Version 3.0 - CSRF Add Admin Script : TRAIDNT UP Version 3.0 Language : Php Download : http://www.traidnt.net http://www.traidnt.net/vb/attachment.php?attachmentid=519880&d=1285278011 Date : 2010/12/25 Version : 3.0 Dork : Powered by TRAIDNT U...