
81846 matches found

Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35354

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save receiving. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploi...

7.5 CVSS | 7.3 AI score | 0.00043 EPSS
Exploits 0 | References 6

Positive Technologies
added 2026/04/27 12:0 a.m. | 4 views

PT-2026-35337

A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in SQL injection. It is possible to initiate the attack remotely. The exploit has been mad...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits 0 | References 6

CNNVD
added 2026/04/27 12:0 a.m. | 6 views

Code-Projects Employee Management System Injection Vulnerability

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

6.5 CVSS | 6.7 AI score | 0.00036 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 5 views

PT-2026-35397

A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might ...

6.5 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits 0 | References 6

Packet Storm News
added 2026/04/27 12:0 a.m. | 2 views

Symbolic Execution Meets Multi-LLM Orchestration: Detecting Memory Vulnerabilities in Incomplete Rust CVE Snippets

This paper presents a system combining symbolic execution KLEE with a 4-agent multi-LLM architecture for detecting memory vulnerabilities in Rust unsafe code. A central challenge we address is the incomplete-code problem: CVE database entries provide only isolated code snippets that lack struct...

6.1 AI score
Exploits 0

CNNVD
added 2026/04/27 12:0 a.m. | 4 views

Code-Projects Online Lot Reservation System Injection Vulnerability

Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the Code-Projects Online Lot Reservation System prior to 1.0 contained a SQL injection vulnerability, which stemmed from the handling of parameters email/password in the...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits 0 | References 1

Snyk
added 2026/04/27 12:0 a.m. | 1 views

SQL Injection

Overview: org.springframework.ai:spring-ai-azure-cosmos-db-store is a Spring AI Vector Store for Azure Cosmos DB. Affected versions of this package are vulnerable to SQL Injection via document ID handling in CosmosDBVectorStore. An attacker can execute arbitrary SQL queries by supplying crafted...

8.8 CVSS | 6.3 AI score | 0.00024 EPSS
Exploits 0 | References 2

Packet Storm
added 2026/04/27 12:0 a.m. | 91 views

SQLite 3.50.1 winsqlite3.dll Heap Overflow

This Metasploit local exploit module targets a heap overflow vulnerability in winsqlite3.dll in SQLite versions prior to 3.50.2 on Windows systems. It first attempts to detect the installed SQLite version, then generates a specially crafted database and SQL workload containing an excessive number...

9.8 CVSS | 6.2 AI score | 0.01689 EPSS
Exploits 3

CNNVD
added 2026/04/27 12:0 a.m. | 5 views

SourceCodester Pharmacy Sales and Inventory System Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper...

7.5 CVSS | 7.1 AI score | 0.00043 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/27 12:0 a.m. | 5 views

itsourcecode Construction Management System Injection Vulnerability

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a vulnerability related to parameter handling in the file /execute1.php, which may lead to SQL injection attack...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits 0 | References 1

vulnersOsv
added 2026/04/27 12:0 a.m. | 3 views

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...

8.8 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 0

Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35420

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been released ...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits 0 | References 6

Positive Technologies
added 2026/04/27 12:0 a.m. | 2 views

PT-2026-35432

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete category. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed from remote. The exploit ha...

7.5 CVSS | 7.2 AI score | 0.00043 EPSS
Exploits 0 | References 6

GithubExploit
added 2026/04/26 11:27 p.m. | 89 views

info-security-portfolio

Information Security Portfolio A curated collection of nine e...

10 CVSS | 7.6 AI score | 0.94358 EPSS
Exploits 342

NVD
added 2026/04/26 11:16 p.m. | 1 views

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in SQL injection. The attack is possible to be carrie...

7.5 CVSS | 0.00043 EPSS
Exploits 0 | References 5

GithubExploit
added 2026/04/26 8:18 p.m. | 91 views

secureflow

AI-Powered Smart Contract Security Scanner An automated block...

5.7 AI score
Exploits 0

ATTACKERKB
added 2026/04/26 8:15 p.m. | 3 views

CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

7.5 CVSS | 5.3 AI score | 0.00048 EPSS
Exploits 0 | References 6

Cvelist
added 2026/04/26 8:45 a.m. | 28 views

CVE-2026-7028 CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in SQL injection. The attack is possible to be...

5.8 CVSS | 0.00013 EPSS
Exploits 0 | References 5

ATTACKERKB
added 2026/04/26 8:45 a.m. | 1 views

CVE-2026-7028

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in SQL injection. The attack is possible to be...

5.8 CVSS | 5 AI score | 0.00013 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2026/04/26 6:30 a.m. | 28 views

CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in SQL injection. The attack can be...

6.5 CVSS | 0.00015 EPSS
Exploits 1 | References 4