105128 matches found

CNNVD
added 2026/06/01 12:0 a.m. | 6 views

SOPlanning cross-site scripting vulnerability

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the taches parameter, which was vulnerable to reflection-type cross-site scripting attacks...

CVSS 5.1 | AI score 5.4 | EPSS 0.00404
Exploits: 0 | References: 2
CNNVD
added 2026/06/01 12:0 a.m. | 12 views

itsourcecode Content Management System SQL injection vulnerability

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the topicid parameter in the file...

CVSS 6.5 | AI score 6.6 | EPSS 0.0025
Exploits: 0 | References: 6
CNNVD
added 2026/06/01 12:0 a.m. | 11 views

student_management_system_by_php SQL injection vulnerability

student_management_system_by_php is a student information management tool developed by Raisul Islam, based on PHP. student_management_system_by_php has a SQL injection vulnerability, which stems from the incorrect handling of the Username parameter in the Login component of the logincheck.php file,...

CVSS 7.5 | AI score 7.5 | EPSS 0.00263
Exploits: 0 | References: 6
CNNVD
added 2026/06/01 12:0 a.m. | 10 views

AstrBot path traversal vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a path traversal vulnerability. This vulnerability stems from improper handling of the Name parameter in the /api/skills/delete file within the API Endpoint...

CVSS 5.5 | AI score 5.6 | EPSS 0.00372
Exploits: 0 | References: 5
CNNVD
added 2026/06/01 12:0 a.m. | 6 views

php-censor operating system command injection vulnerability

php-censor is a continuous integration server for the open-source PHP project PHP Censor. Versions of php-censor 2.1.6 and earlier contain an operating system command injection vulnerability. This vulnerability stems from incorrect handling of the commitId parameter in the file...

CVSS 7.5 | AI score 7.4 | EPSS 0.01367
Exploits: 0 | References: 8
CNNVD
added 2026/06/01 12:0 a.m. | 10 views

Student-Management-System authorization issue vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the Student-Management-System’s authorization mechanism; this issue stems from incorrect handling of the parameter “sid” in the file admin/deleteform.php, which ma...

CVSS 6.9 | AI score 6.4 | EPSS 0.00307
Exploits: 0 | References: 5
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

D-Link DI-7001 MINI security vulnerability

The D-Link DI-7001 MINI is a multi-functional smart gateway from D-Link Corporation. The D-Link DI-7001 MINI, versions prior to 19.09.19A1, have a security vulnerability. This vulnerability stems from the improper handling of the parameter “Time” in the function “sprintf” of the API component’s...

CVSS 9 | AI score 8.4 | EPSS 0.00687
Exploits: 1 | References: 7
CNNVD
added 2026/06/01 12:0 a.m. | 9 views

Nextcloud Server path traversal vulnerability

NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 31.0.0 to 31.0.14 and from 32.0.0 to 32.0.4 contained a path traversal vulnerability. This vulnerability occurred when the lang parameter was used in template directory...

CVSS 6.5 | AI score 5.3 | EPSS 0.00392
Exploits: 0 | References: 4
CNNVD
added 2026/06/01 12:0 a.m. | 7 views

9Router authorization issue vulnerability

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

CVSS 6.5 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 8
CNNVD
added 2026/06/01 12:0 a.m. | 9 views

Code-Projects Real State Services SQL injection vulnerability

Code-Projects Real State Services is an open-source real estate service developed by Code-Projects. Version 1.0 of Code-Projects Real State Services has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Username” in the “login” component’s file...

CVSS 7.5 | AI score 7.5 | EPSS 0.00269
Exploits: 0 | References: 6
CNNVD
added 2026/06/01 12:0 a.m. | 8 views

CodeAstro Online Job Portal SQL injection vulnerability

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ID in the file admin/jobs-admins/delete-jobs.php, which may lead t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00263
Exploits: 0 | References: 6
CNNVD
added 2026/06/01 12:0 a.m. | 9 views

CodeAstro Online Job Portal SQL injection vulnerability

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /users/applicationstatus.php, which may lead to SQL...

CVSS 7.5 | AI score 7.5 | EPSS 0.00263
Exploits: 0 | References: 6
Positive Technologies
added 2026/06/01 12:0 a.m. | 15 views

PT-2026-45427

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly...

CVSS 6.5 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 7
Positive Technologies
added 2026/06/01 12:0 a.m. | 11 views

PT-2026-45622

No-Cms 1.0 contains an SQL injection vulnerability in the order by parameter of the manage privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage privilege/index/export with malicious SQL code in the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/01 12:0 a.m. | 15 views

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVSS 6.5 | AI score 5.7 | EPSS 0.002
Exploits: 0 | References: 7
Positive Technologies
added 2026/06/01 12:0 a.m. | 10 views

PT-2026-45664

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVSS 5.3 | AI score 4.3 | EPSS 0.00273
Exploits: 0 | References: 7
CNNVD
added 2026/06/01 12:0 a.m. | 8 views

student_management_system_by_php SQL injection vulnerability

student_management_system_by_php is a student information management tool developed by Raisul Islam, based on PHP. student_management_system_by_php has a SQL injection vulnerability, which stems from the incorrect handling of the 'role' parameter in the User Creation Handler component of the...

CVSS 7.5 | AI score 7.5 | EPSS 0.00263
Exploits: 0 | References: 6
Positive Technologies
added 2026/06/01 12:0 a.m. | 12 views

PT-2026-45396

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

CVSS 7.5 | AI score 6.9 | EPSS 0.00263
Exploits: 0 | References: 7
Positive Technologies
added 2026/06/01 12:0 a.m. | 13 views

PT-2026-45395

A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might...

CVSS 7.5 | AI score 7 | EPSS 0.00269
Exploits: 0 | References: 7
CNNVD
added 2026/06/01 12:0 a.m. | 9 views

WhatsApp MCP Server path traversal vulnerability

WhatsApp MCP Server is a WhatsApp messaging search and sending tool developed by Luke Harries. Version 0.0.1 of WhatsApp MCP Server has a path traversal vulnerability. This vulnerability stems from incorrect handling of the mediaPath parameter in the SendAPIEndpoint component’s SendMessageRequest...

CVSS 5.1 | AI score 5 | EPSS 0.00265
Exploits: 0 | References: 8