Lucene search

82320 matches found

ATTACKERKB
added 2026/04/14 12:0 a.m., 2 views

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

5.9 AI score, 0.00186 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/14 12:0 a.m., 5 views

Chamilo SQL injection vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0.0-RC.2 contains a SQL injection vulnerability. This vulnerability stems from SQL injection issues with the statistical AJAX endpoints. It may allow authenticated administrators to execute time-based bli...

7.2 CVSS, 6.1 AI score, 0.00258 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/14 12:0 a.m., 5 views

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9 CVSS, 5.8 AI score, 0.00405 EPSS
Exploits: 0, References: 6

CNNVD
added 2026/04/14 12:0 a.m., 7 views

Hotel Management System Using PHP and MySQL security vulnerability

Hotel Management System Using PHP and MySQL is a hotel management system developed by Alan Dsilva. Version 1.0 of this system has a security vulnerability, which stems from improper handling of the roomid GET parameter in the file /public/admin/edit-room.php. This vulnerability could allow...

6.1 CVSS, 6.1 AI score, 0.00181 EPSS
Exploits: 1, References: 1

CVE
added 2026/04/14 12:0 a.m., 8 views

CVE-2026-38528

CVE-2026-38528 affects Krayin CRM v2.2.x and is a SQL injection vulnerability exploitable via the rotten_lead parameter in /Lead/LeadDataGrid.php. The NVD/NVD-derived metrics show CVSS 3.1 base score 7.1 (High), with Network attack vector, Low attack complexity, Privileges Required: Low, User Int...

7.1 CVSS, 5.9 AI score, 0.00191 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2026/04/14 12:0 a.m., 6 views

CVE-2026-37594

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewemployee.php...

5.9 AI score, 0.0019 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32642

CVE-2026-37602 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage user.php. https://t.co/KXDGr8fSPw...

2.7 CVSS, 5.8 AI score, 0.0019 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/14 12:0 a.m., 2 views

CVE-2026-37591

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/viewdetails.php...

5.8 AI score, 0.00186 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/14 12:0 a.m., 7 views

Microsoft SQL Server security vulnerability

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code...

8.8 CVSS, 5.9 AI score, 0.00706 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/04/14 12:0 a.m., 5 views

School-Management-System security vulnerability

School-Management-System is a school management system developed by Lahiru Danushka. Version 1.0 of School-Management-System has security vulnerabilities. These vulnerabilities stem from SQL injection attacks, which could allow unauthorized or authenticated remote attackers to manipulate SQL quer...

9.8 CVSS, 5.9 AI score, 0.00526 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32569

CVE-2026-34262 - SAP HANA Cockpit leaks X.509 private keys via Database Explorer access. Patching isn't enough here. The keys are already out. If you're affected, you need to manually revoke and rotate certificates or the door stays open for server impersonation. That's the part most teams will...

5 CVSS, 5.8 AI score, 0.00304 EPSS
Exploits: 2, References: 6

ATTACKERKB
added 2026/04/14 12:0 a.m., 1 view

CVE-2026-37595

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/manageemployee.php...

5.9 AI score, 0.00186 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/14 12:0 a.m., 6 views

Microsoft SQL Server SQL injection vulnerability

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. Microsoft SQL Server has a SQL injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following product...

7.8 CVSS, 5.8 AI score, 0.00299 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/04/14 12:0 a.m., 4 views

SAP ERP and SAP S/4HANA security vulnerability

SAP ERP and SAP S/4HANA are both products of the German company SAP. SAP ERP is a suite of software used for ERP management. SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system. There are security vulnerabilities in SAP ERP and SAP S/4HANA...

7.1 CVSS, 5.9 AI score, 0.00221 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/14 12:0 a.m., 4 views

SourceCodester Online Employees Work From Home Attendance System security vulnerability

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

2.7 CVSS, 5.9 AI score, 0.00186 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/04/14 12:0 a.m., 5 views

SourceCodester Online Employees Work From Home Attendance System security vulnerability

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

2.7 CVSS, 5.9 AI score, 0.0019 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32636

CVE-2026-37595 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/manage employee.php. https://t.co/mf3uV1c2ec...

2.7 CVSS, 5.8 AI score, 0.00186 EPSS
Exploits: 0, References: 3

EUVD
added 2026/04/13 9:30 p.m., 5 views

EUVD-2026-22041

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2 CVSS, 6 AI score, 0.00161 EPSS
Exploits: 1, References: 3

Snyk
added 2026/04/13 9:11 p.m., 4 views

SQL Injection

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to SQL Injection via the hasVariant or hasProduct properties, which bypass input sanitization in subqueries. An attacker can extract arbitrary database contents, including sensitive security keys, by...

8.8 CVSS, 6.1 AI score, 0.00304 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/04/13 7:23 p.m., 3 views

CVE-2026-35597

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP validation fails, the login handler in pkg/routes/api/v1/login.go calls HandleFailedTOTPAuth and then...

7.5 CVSS, 5.8 AI score, 0.00296 EPSS
Exploits: 1, References: 1