3022 matches found
PT-2026-27199
A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and...
Simple E-Learning System SQL Injection Vulnerability
Simple E-Learning System is a simple e-learning system developed by Carlo Montero as an individual project. Version 1.0 of Simple E-Learning System has a SQL injection vulnerability. This vulnerability stems from improper handling of the firstName parameter in the User Profile Update Handler...
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the discrepancy in error messages during the identity-first login process when organizations are enabled. This vulnerability could lead to user...
EUVD-2026-14310
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainerid/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
EUVD-2026-13567
A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-4471
A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-4471
CVE-2026-4471 affects itsourcecode Online Frozen Foods Ordering System 1.0. The vulnerability is in the /admin/admin_edit_employee.php component where manipulating the First_Name argument can cause a SQL injection. The issue is exploitable remotely and public exploits exist. No remediation/patch ...
PT-2026-26563
A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin edit employee.php. Executing a manipulation of the argument First Name can lead to sql injection. It is possible to launch the attack remotely. The exploit...
PT-2026-26565
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
EUVD-2026-13340
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report /admin/reports/postedits leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access...
EUVD-2026-13124
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...
EUVD-2026-13128
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...
CVE-2026-32868
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...
CVE-2026-32868 OPEXUS eComplaint and eCASE XSS via my information
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...
CVE-2026-32866
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...
CVE-2026-32866
OPEXUS eComplaint and eCASE prior to version 10.2.0.0 are affected by a stored XSS vulnerability in profile name handling. An authenticated user can inject parts of an XSS payload into their first and last name fields, and the payload is executed when the full name is rendered, allowing script ex...
EUVD-2026-12815
Juju affected by timing ownership claim attack on new external back-end secrets...
Incorrect Ownership Assignment
Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment in the secrets management process. An attacker can gain unauthorized access to sensitive information by exploiting a race condition between the generation of a secret ID and the creation of the secret's...
Juju affected by timing ownership claim attack on new external back-end secrets
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...