EUVD-2026-21390

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability arises from the classId parameter in the instructorClasses.php...

CVE-2026-36232

Summary: CVE-2026-36232 affects the itsourcecode Online Student Enrollment System v1.0, via the file instructorClasses.php . The issue arises because the parameter classId from $_GET['classId'] is directly concatenated into an SQL query without sanitization or validation, enabling SQL injection. ...

EUVD-2017-18286

Malware in sbrugna...

EUVD-2025-31422

Malicious code in bioql PyPI...

CVE-2023-41520

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters...

Student Attendance Management System 安全漏洞

Student Attendance Management System is a student attendance management system developed by rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the classId and classArmName parameters in th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent the creation of classes with TCHROOT. The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing the qdisc tree to update parent backlogs. However, if a class is created with...

CVE-2024-37791

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?classid...

UBUNTU-CVE-2025-21971

In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit the vulnerability to access the database by executing arbitrary SQL commands via the firstname, lastname,...

Simple Student Attendance System SQL Injection Vulnerability

Simple Student Attendance System is a simple student attendance system. A SQL injection vulnerability exists in Student Attendance System version 1.0, which stems from an incorrect manipulation of the parameter classid that can lead to sql injection...

Projectworlds Student Result Management System SQL Injection Vulnerability

Projectworlds Student Result Management System is a student result management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Student Result Management System v1.0, which stems from the fact that the "classid" parameter of addclasses.php does not validate th...

PT-2023-30919 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The class id parameter of the "add classes.php" resource does not validate the characters received, and they...

SUSE CVE-2017-9351

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully...

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...