EUVD-2026-36755

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

CVE-2026-38064

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

PT-2026-49295

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action dial call function through the dialNumber parameter. Recommendations At the moment, there is no information about a newer version that contains...

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...

CVE-2026-10289 code-projects Hotel and Tourism Reservation System tour.php cross site scripting

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

CVE-2026-40812 Unauthenticated SQLi in getLiveValues function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43552

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVE

Vulnerability Report: Unauthenticated SQL Injection in Hospita...

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

CVE-2024-51223

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

CVE-2024-51223

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

CVE-2024-51223

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

CVE-2024-51223

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

PT-2026-27139

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

CVE-2026-3711

A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed...

CVE-2026-3705

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...

EUVD-2026-10226

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released t...

EUVD-2026-10212

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...