Lucene search
K

18 matches found

CVE
CVE
added 5 hours ago8 views

CVE-2026-15523

CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...

6.5CVSS6.5AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References6
CVE
CVE
added 5 days ago9 views

CVE-2026-15134

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 12:16 p.m.14 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 11:0 a.m.42 views

CVE-2026-11508

CodeAstro Leave Management System 1.0 contains a SQL injection in /admin/search_staff_to_assign_pc.php via manipulation of the Name parameter. The vulnerability is exploitable remotely, with exploit information publicly disclosed and proof-of-concept activity indicated by CVSS/ExploitMaturity dat...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/02 10:45 a.m.2 views

CVE-2026-5326 SourceCodester Leave Application System User Information index.php authorization

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...

6.9CVSS5.8AI score0.00404EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/09 12:30 a.m.8 views

EUVD-2026-1658

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS5.1AI score0.00238EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/08 10:2 p.m.29 views

CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS0.00238EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/08 10:2 p.m.4 views

CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS5.2AI score0.00238EPSS
Exploits1References5
CVE
CVE
added 2026/01/08 10:2 p.m.13 views

CVE-2026-0730

PHPGurukul Staff Leave Management System 1.0 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically the ADD_STAFF/UPDATE_STAFF function in /staffleave/slms/slms/adminviews.py. Manipulating the profile_pic argument can trigger XSS, with remote exploitation report...

4.8CVSS5.2AI score0.00238EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/01/05 12:0 a.m.24 views

CVE-2025-67315

...

0.0007EPSS
Exploits0
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.4 views

Projectworlds Leave Management System Project SQL Injection Vulnerability

Projectworlds Leave Management System Project is a leave management system project by Projectworlds India. A SQL injection vulnerability exists in Projectworlds Leave Management System Project v1.0, which stems from the "setearnleave" parameter of admin/setleaves.php not validating incoming...

8.8CVSS7.9AI score0.00646EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.11 views

PT-2023-29568 · Unknown · Jorani Leave Management System

Name of the Vulnerable Software and Affected Versions: Jorani Leave Management System version 1.0.3 Description: The issue allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. This can potentially lead to malicious...

6.5CVSS6.7AI score0.00515EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.4 views

Online Leave Management System 代码问题漏洞

Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a file upload vulnerability found in /leavesystem/classes/SystemSettings.php?f=updatesettings. An attacker could exploi...

7.2CVSS7.5AI score0.01034EPSS
Exploits1References2
OSV
OSV
added 2022/09/26 1:15 p.m.5 views

CVE-2022-40928

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leavesystem/classes/Master.php?f=deleteapplication...

7.2CVSS5.8AI score0.0083EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.4 views

Online Leave Management System SQL注入漏洞

Online Leave Management System is an online leave management system. SQL injection vulnerability exists in Online Leave Management System v1.0, which originates from /leavesystem/classes/Master.php?f=delete leavetype lacks validation for external input SQL statements. An attacker could use this...

7.2CVSS8.2AI score0.00812EPSS
Exploits1References2
OSV
OSV
added 2022/09/05 2:15 p.m.2 views

CVE-2022-3121

A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be...

8.8CVSS4.7AI score
Exploits0References1
CNVD
CNVD
added 2020/06/02 12:0 a.m.1 views

SQL Injection Vulnerability in Appform for Leave System

Qixing Leave System includes leave, overtime, approval, annual leave, transfer, work calendar and report modules. SQL injection vulnerability exists in the Leave System Appform, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
Rows per page
Query Builder