433 matches found
CVE-2026-14694 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...
EUVD-2026-41716
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...
PT-2026-43939
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The run unpack function in the ntfs3 driver fails to verify if the size size and offset size bytes read via run unpack s64 fit within the remaining buffer, despite checking run buf run...
EUVD-2026-31569
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
PT-2026-42913
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save patient history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G versions before version 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, potentially leading to memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access,...
Astra Linux – Vulnerability in ntfs-3g
NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfsattrsetupflag. This could allow code execution and an escalation of privileges...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel up to version 6.2.7, fs/ntfs3/inode.c contains an invalid kfree function because it does not validate the MFT flags before replaying logs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed the missing iop in ntfsreadmft. There is a null pointer dereference issue because iop == NULL. This bug occurs because we do not initialize iop for records in $Extend$...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013468)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013468 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010744)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010744 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...
CVE-2026-6573
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
EUVD-2026-23703
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PT-2026-33631
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PHPEMS 安全漏洞
PHPEMS is an open-source PHP online simulation exam system. Version PHPEMS 11.0 contains a security vulnerability, which stems from the operation of the uploadfile parameter in the file /app/exam/controller/exams.master.php. This operation leads to server-side request forgeing, potentially allowi...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
CVE-2026-2848 SourceCodester Simple Responsive Tourism Website Registration Master.php sql injection
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be...
CVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...
PT-2026-6990
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website version 1.0, specifically within an unknown function of the file /tourism/classes/Master.php?f=register...