Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping of the Content-Disposition parameter value, which could lead to multipart header injection attacks...

PT-2026-45724

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

PT-2026-45818

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.88 Description A remote SQL injection is possible through the manipulation of the msg argument within the dede htmlspecialchars function located in the '/plus/flink.php' file. Recommendations As a temporary workaround,...

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVE-2026-10299

The CVE affects code-projects Online Hospital Management System 1.0. A flaw in viewdoctortimings.php allows manipulation of the delid parameter, leading to improper control of resource identifiers (an IDOR-like issue) that can be exploited remotely. The exploit is publicly available. The descript...

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVE-2026-10299 code-projects Online Hospital Management System viewdoctortimings.php resource injection

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVE-2026-10299 code-projects Online Hospital Management System viewdoctortimings.php resource injection

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVE-2026-10290

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

CVE-2018-25433

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-10155

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVE-2026-10296

CVE-2026-10296 affects itsourcecode Fees Management System 1.0. The vulnerability concerns the /ajax.php file, where manipulation of the Username argument can lead to SQL injection. The attack can be performed remotely, and a publicly disclosed exploit exists. No remediation or patch details are ...

CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...