25 matches found
EUVD-2026-33763
A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name/email/people/number results in cross-site scripting. The attack can be initiated remotely. The...
PT-2026-45172
A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...
GO-2026-4687 OliveTin's email argument makes compliance harder, enables log injection in github.com/OliveTin/OliveTin
OliveTin's email argument makes compliance harder, enables log injection in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2025-12277
A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. Manipulation of the argument Email causes SQL injection. The attack can be carried out remotely. The exploit has...
PT-2025-44003
Name of the Vulnerable Software and Affected Versions: PHPGurukul Curfew e-Pass Management System version 1.0 Description: A flaw exists in PHPGurukul Curfew e-Pass Management System version 1.0. Manipulation of the adminname/email argument within an unknown function of the admin-profile.php file c...
EUVD-2024-27776
Malicious code in bioql PyPI...
EUVD-2024-51167
Malicious code in bioql PyPI...
PT-2025-37372
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A flaw has been found in MiczFlor RPi-Jukebox-RFID. The manipulation of the Email address argument in an unknown function of the file /htdocs/inc.setWlanIpMail.php causes cross site...
CVE-2025-8437 code-projects Kitchen Treasure userregistration.php sql injection
A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...
PT-2025-24007 · Sourcecodester · Sourcecodester Open Source Clinic Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Open Source Clinic Management System. The issue affects an unknown function of the file /login.php. The...
PT-2025-18199 · Vmsman · Vmsman
Name of the Vulnerable Software and Affected Versions: VMSMan up to 20250416 Description: A problem was found in the software. It affects some unknown functionality of the file /login.php. The issue can be exploited by manipulating the Email argument with the input "alert1, leading to cross-site...
CVE-2024-12883
CVE-2024-12883 affects code-projects Job Recruitment 1.0. The vulnerability is in the file /_email.php where manipulation of the email parameter leads to cross-site scripting. Attacks can be launched remotely, and public disclosures exist. The available documents consistently indicate an XSS risk...
CVE-2024-11077
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
PT-2024-37576 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: A critical issue was found in the Tailoring Management System, affecting the file customeradd.php. The manipulation of the fullname, address, phonenumber, sex, email, city, and comment...
CVE-2024-6111
The CVE-2024-6111 entry describes a SQL injection in Bethesda Online Reservation System (itsourcecode Pool of Bethesda Online Reservation System) version 1.0, affecting an unknown portion of login.php. The root cause is manipulation of the email parameter, enabling remote exploitation with disclo...
PT-2024-37389 · Bethesda · Bethesda Online Reservation System
Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical vulnerability was found in the Bethesda Online Reservation System, affecting the file index.php. The manipulation of the log email argument leads to SQL injection. The...
CVE-2024-1830
CVE-2024-1830 affects code-projects Library System 1.0. The vulnerable component is the file Source/librarian/user/student/lost-password.php, where the manipulation of the email parameter leads to an SQL injection. The issue can be exploited remotely and the exploit has been disclosed publicly. R...
CVE-2023-5695
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pagesresetpwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25alert9860 leads to...
CVE-2023-5271
CVE-2023-5271 affects SourceCodester Best Courier Management System v1.0, where the file edit_parcel.php exposes a SQL injection via the email parameter in an unknown functionality. The root cause is improper input handling in the edit_parcel.php routine, enabling attacker-controlled SQL executio...