Lucene search

82213 matches found

Positive Technologies
added 2026/01/19 12:0 a.m. | 7 views

PT-2026-3504

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

CVSS 7.5 | AI score 5.5 | EPSS 0.00333
Exploits: 1 | References: 6
GithubExploit
added 2026/01/18 3:45 p.m. | 213 views

CyberPanel-Poc

CyberPanel XSS to RCE CVE-2026-XXXXX One-click Remote Code...

AI score 7.3
Exploits: 0
NVD
added 2026/01/18 2:16 p.m. | 3 views

CVE-2026-1120

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00448
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/18 1:2 p.m. | 3 views

CVE-2026-1120 Yonyou KSOA HTTP GET Parameter del_work.jsp sql injection

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5 | AI score 7.1 | EPSS 0.00448
Exploits: 0 | References: 4
CVE
added 2026/01/18 1:2 p.m. | 16 views

CVE-2026-1120

CVE-2026-1120 affects Yonyou KSOA 9.0. The vulnerable element is the HTTP GET Parameter Handler in /worksheet/del_work.jsp; manipulating the ID parameter yields SQL injection. The issue is remotely exploitable and the exploit has been publicly disclosed. Vendors were contacted early but did not r...

CVSS 9.8 | AI score 6.6 | EPSS 0.00448
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/01/18 11:32 a.m. | 22 views

CVE-2026-1119 itsourcecode Society Management System delete_activity.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activityid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00388
Exploits: 1 | References: 5
OSV
added 2026/01/18 11:15 a.m. | 2 views

CVE-2026-1118

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVSS 9.8 | AI score 5.8 | EPSS 0.00323
Exploits: 1 | References: 5
GithubExploit
added 2026/01/18 6:24 a.m. | 156 views

Exploit for CVE-2025-67261

CVE-2025-67261 - Content-based blind SQL injection on Abacre R...

AI score 8.1 | EPSS 0.00183
Exploits: 2
GithubExploit
added 2026/01/18 2:13 a.m. | 427 views

Exploit for Path Traversal in Openbsd Openssh

Bastion AI-Powered Penetration Testing Platform for macOS...

CVSS 7.8 | AI score 7.5 | EPSS 0.58204
Exploits: 15
EUVD
added 2026/01/18 1:32 a.m. | 5 views

EUVD-2026-3189

A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsprelydumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This product is using a rolling release to provide...

CVSS 5.3 | AI score 6.4 | EPSS 0.00219
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/18 12:16 a.m. | 20 views

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

CVSS 9.8 | AI score 7.9 | EPSS 0.00342
Exploits: 1 | References: 1
OSV
added 2026/01/18 12:15 a.m. | 1 views

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVSS 9.8 | AI score 5.7 | EPSS 0.0044
Exploits: 1 | References: 4
VulnCheck KEV
added 2026/01/18 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-69200

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...

CVSS 7.5 | AI score 5.8 | EPSS 0.02005
In wild | Exploits: 1 | References: 30
Positive Technologies
added 2026/01/18 12:0 a.m. | 5 views

PT-2026-3388

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A SQL injection issue exists in Yonyou KSOA 9.0. The issue is located in the HTTP GET Parameter Handler component, specifically within the /worksheet/del_work.jsp file. Manipulation of the ID parameter can...

CVSS 9.8 | AI score 7.2 | EPSS 0.00448
Exploits: 0 | References: 10
Positive Technologies
added 2026/01/18 12:0 a.m. | 7 views

PT-2026-3393

Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 1.0. Description: A security flaw exists in PHPGurukul News Portal that allows for cross-site request forgery. This issue is triggered by manipulating an unknown function and can be exploited remotely. The exploit ...

CVSS 5.3 | AI score 4.8 | EPSS 0.00197
Exploits: 1 | References: 7
CNNVD
added 2026/01/18 12:0 a.m. | 3 views

Itsourcecode Society Management System SQL Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Title” in the file...

CVSS 9.8 | AI score 5.8 | EPSS 0.00323
Exploits: 1 | References: 6
CNNVD
added 2026/01/18 12:0 a.m. | 3 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...

CVSS 9.8 | AI score 5.9 | EPSS 0.00457
Exploits: 0 | References: 5
CNNVD
added 2026/01/18 12:0 a.m. | 2 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...

CVSS 9.8 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/17 11:32 p.m. | 3 views

CVE-2026-1105 EasyCMS UserAction.class.php sql injection

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVSS 7.5 | AI score 5.5 | EPSS 0.0044
Exploits: 1 | References: 4
CVE
added 2026/01/17 6:32 p.m. | 14 views

CVE-2026-1059

FeMiner wms is affected by CVE-2026-1059 via /src/chkuser.php, where manipulating the Username parameter leads to SQL injection. The issue is exploitable remotely and publicly disclosed. Affected versions are prior to the commit 9cad1f1b179a98b9547fd003c23b07c7594775fa; due to the rolling-release...

CVSS 9.8 | AI score 6.5 | EPSS 0.00407
Exploits: 1 | References: 4 | Affected Software: 1