CVE-2026-5781

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

CVE-2026-9419

A vulnerability has been found in code-projects Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-7115

A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might ...

PT-2026-28196

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be...

CVE-2026-2867

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2025-70148

Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...

PT-2026-7006

Name of the Vulnerable Software and Affected Versions code-projects Contact Management System version 1.0 Description A security flaw exists in the Contact Management System. The issue involves improper authentication due to manipulation of the ID argument within the CRUD Endpoint component. This...

CVE-2025-14639

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

CVE-2025-11358 code-projects Simple Banking System removeuser.php sql injection

A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and...

EUVD-2025-26280

Malicious code in bioql PyPI...

EUVD-2025-28848

Malicious code in bioql PyPI...

CVE-2025-8924

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

Code-Projects Online Bus Reservation System 安全漏洞

Code-Projects Online Bus Reservation System is a Code-Projects open source online bus reservation system. A security vulnerability exists in Code-Projects Online Bus Reservation System version 1.0, which originates from an incorrect manipulation of the parameter ID in the file /print.php, resulti...

Simple Student Information System Cross-Site Scripting Vulnerability

Simple Student Information System is a web-based application platform by Carlo Montero, an individual developer. It can help a university or college to manage student information and academic records. A cross-site scripting vulnerability exists in Campcodes Simple Student Information System versi...