EUVD-2026-31667

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public a...

PT-2026-35499

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update passwd process.php. The manipulation of the argument temp user results in authorization bypass. The attack can be launched remotely. The exploit has been...

PT-2026-35420

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released ...

CVE-2026-6134

A security flaw has been discovered in Tenda F451 1.0.0.7cnsvn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

EUVD-2026-22063

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used...

EUVD-2026-19038

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

EUVD-2026-17168

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

EUVD-2026-4978

A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote...

CVE-2026-1142 PHPGurukul News Portal cross-site request forgery

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

CVE-2026-1135

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...

EUVD-2026-0002

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public an...

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

PT-2025-49022

Name of the Vulnerable Software and Affected Versions XunRuiCMS versions up to 4.7.1 Description A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...

PT-2025-47147

Name of the Vulnerable Software and Affected Versions itsourcecode Online Voting System version 1.0 Description A security flaw exists in itsourcecode Online Voting System version 1.0. The issue involves SQL injection stemming from manipulation of the ID argument within the file...

PT-2025-45500

Name of the Vulnerable Software and Affected Versions mruby version 3.4.0 Description A flaw exists in mruby version 3.4.0 within the ary fill exec function located in the file mrbgems/mruby-array-ext/src/array.c. Manipulation of the start and length arguments can result in an out-of-bounds write...

PT-2025-43883

Name of the Vulnerable Software and Affected Versions projectworlds Expense Management System version 1.0 Description A security flaw exists in projectworlds Expense Management System 1.0. The issue involves cross site scripting and affects an unknown function within the /public/admin/roles/creat...

CVE-2025-11610

A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the...

PT-2025-41608

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/user-payment.php file. Manipulation of th...

PT-2025-38747

Name of the Vulnerable Software and Affected Versions Campcodes Online Beauty Parlor Management System version 1.0 Description A security flaw exists in Campcodes Online Beauty Parlor Management System. The issue involves SQL injection due to the manipulation of the editid argument in the...

CVE-2025-9396

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function GIstrtollinternal of the file strtoll.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be...