CVE-2026-9607

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

CVE-2026-9607

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcellist.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

PT-2026-32638

CVE-2026-37597 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/attendance list.php. https://t.co/BrIlAICBVy...

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

HotGo-V2 代码注入漏洞

HotGo-V2 is a secondary development framework developed by Meng Shuai as an individual project. Both the HotGo 1.0 and 2.0 versions contained code injection vulnerabilities. These vulnerabilities stemmed from incorrect operations on files located at...

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the list.json.php endpoints of multiple plugins, which lack authentication and authorization checks. An attacker can retrieve sensitive...

Serverless Express 安全漏洞

Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of the parameter userId in t...

Vitess 路径遍历漏洞

Vitess is an open-source database cluster system developed by Vitess, designed for horizontal scaling of MySQL databases. Versions of Vitess prior to 23.0.3 and 22.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the possibility of manipulating the backup list file,...

CVE-2025-63624

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...

EUVD-2025-206728

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...

CVE-2025-63624

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...

CVE-2025-15181

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. Th...

CVE-2025-14711

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVE-2025-14711

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

FantasticLBP Hotels Server SQL注入漏洞

FantasticLBP Hotels Server is a hotel reservation system backend management system by FantasticLBP individual developers. FantasticLBP Hotels Server suffers from a SQL injection vulnerability, which stems from the incorrect manipulation of the parameter telephone in the file...

CVE-2025-13484

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit is...

EUVD-2012-3968

Malware in sbrugna...