SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

xiaozhi-mcphub 路径遍历漏洞

xiaozhi-mcphub is an MCP tool bridge and multi-endpoint management tool adapted to Xiaozhi AI platform by Junsen Huang's personal developer. A path traversal vulnerability exists in xiaozhi-mcphub 1.0.3 and earlier versions, which originates from the operation of the parameter manifest.name in th...

cPanel 输入验证错误漏洞

cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to input validation errors, which stem from insufficient input validation in the plugin parameter...

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

CVE-2026-37431

Affected product: Beauty Parlour Management System v1.1. Vulnerability: SQL injection via the aptnumber parameter in the /appointment-detail.php endpoint. Impact (as stated): Attacker can access sensitive database information by crafting SQL statements; high confidentiality, integrity, and availa...

CVE-2026-8117

CVE-2026-8117 concerns SourceCodester Pizzafy Ecommerce System 1.0. The issue arises from vulnerable handling of the argument in /admin/index.php , allowing cross-site scripting (XSS) via manipulated input. The attack can be carried out remotely and the exploit has been publicly disclosed. The co...

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

EUVD-2026-28443

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

EUVD-2026-28425

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

EUVD-2026-28459

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-41929 Vvveb < 1.0.8.2 Unauthenticated Reflected XSS via Visual Editor

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2026-42259

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...