Lucene search

82392 matches found

Cvelist
added 2026/03/16 2:2 p.m., 23 views

CVE-2026-4241 itsourcecode College Management System time-table.php sql injection

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5 CVSS, 0.00192 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/03/16 12:27 p.m., 22 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5 CVSS, 0.00225 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/16 12:27 p.m., 3 views

CVE-2025-52637 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

4.5 CVSS, 6 AI score, 0.00225 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/16 12:27 p.m., 9 views

CVE-2025-52637

The CVE-2025-52637 family concerns HCL AION, an AI lifecycle management platform, where certain offering configurations may allow execution of potentially harmful SQL queries. The root cause described across connected sources is insufficient validation or restrictions on query execution, which co...

7.3 CVSS, 6 AI score, 0.00225 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/16 12:2 p.m., 4 views

CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/03/16 11:32 a.m., 29 views

CVE-2026-4236 itsourcecode Online Enrollment System index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5 CVSS, 0.00278 EPSS
Exploits: 0, References: 8

CVE
added 2026/03/16 11:32 a.m., 8 views

CVE-2026-4236

The CVE-2026-4236 entry concerns itsourcecode Online Enrollment System 1.0. The vulnerability affects the file /enrollment/index.php?view=add, where manipulating the arguments txtsearch, deptname, or name leads to SQL injection. The issue is exploitable remotely, and the exploit is publicly discl...

7.5 CVSS, 6.9 AI score, 0.00278 EPSS
Exploits: 0, References: 8

IBM Security Bulletins
added 2026/03/16 11:31 a.m., 5 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary: IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-362...

8.2 CVSS, 6.1 AI score, 0.00296 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2026/03/16 11:2 a.m., 27 views

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5 CVSS, 0.00254 EPSS
Exploits: 0, References: 5

CVE
added 2026/03/16 11:2 a.m., 13 views

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/03/16 9:32 a.m., 4 views

CVE-2026-4232 Tiandy Integrated Management Platform getAuthorityByUserId sql injection

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

7.5 CVSS, 5.8 AI score, 0.00254 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/16 7:2 a.m., 2 views

CVE-2026-4223

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manageemployee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

7.5 CVSS, 5.8 AI score, 0.00446 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNVD
added 2026/03/16 12:0 a.m., 3 views

Apache IoTDB Improper Input Validation Vulnerability

Apache IoTDB is an open source time series database developed by Apache Software Foundation for large-scale time series data storage and analysis in IoT scenarios. Apache IoTDB suffers from an improper input validation vulnerability. The vulnerability arises because the system does not perform...

9.8 CVSS, 6.1 AI score, 0.00662 EPSS
Exploits: 0

Tenable Nessus
added 2026/03/16 12:0 a.m., 2 views

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2026-1414)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

6.1 CVSS, 6 AI score, 0.00176 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/03/16 12:0 a.m., 4 views

Express - Node.js API with PostgreSQL Code Issue Vulnerability

Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. There are code issues and vulnerabilities in versions 2.5 and earlier of Express - Node.js API with PostgreSQL. These vulnerabilities stem from incorrect operations on the...

7.5 CVSS, 7.2 AI score, 0.00348 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/03/16 12:0 a.m., 4 views

RealtyScript SQL Injection Vulnerability

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

9.8 CVSS, 5.8 AI score, 0.00417 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/03/16 12:0 a.m., 7 views

PT-2026-25633

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might ...

7.5 CVSS, 7 AI score, 0.00446 EPSS
Exploits: 1, References: 5

CNNVD
added 2026/03/16 12:0 a.m., 5 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

7.3 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/16 12:0 a.m., 5 views

PT-2026-25756

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

2.2 CVSS, 6 AI score, 0.00147 EPSS
Exploits: 0, References: 2

GitLab Advisory Database
added 2026/03/16 12:0 a.m., 6 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and interpolated...

6 AI score
Exploits: 0, References: 3, Affected Software: 1