51 matches found

Vulnrichment
added 4 days ago · 6 views

CVE-2026-10253 itsourcecode Online House Rental System manage_payment.php sql injection

A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

7.5 CVSS · 5.7 AI score · 0.00033 EPSS
Exploits 0 · References 6
Vulnrichment
added 2026/03/25 11:36 p.m. · 1 view

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 1 · References 3
OSV
added 2026/03/25 11:36 p.m. · 0 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS · 5.9 AI score · 0.00023 EPSS
Exploits 1 · References 5
EUVD
added 2026/03/25 11:36 p.m. · 3 views

EUVD-2026-16036

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 1 · References 3
CVE
added 2026/03/25 11:36 p.m. · 3 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931): OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 1 · References 3 · Affected Software 1
RedhatCVE
added 2026/02/15 7:10 a.m. · 5 views

CVE-2026-0751

The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/02/14 6:42 a.m. · 0 views

CVE-2026-0751 Payment Page | Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter

The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits 0 · References 3
Cvelist
added 2026/02/14 6:42 a.m. · 25 views

CVE-2026-0751 Payment Page | Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter

The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS · 0.00015 EPSS
Exploits 0 · References 4
CVE
added 2026/02/14 6:42 a.m. · 11 views

CVE-2026-0751

CVE-2026-0751 concerns the WordPress plugin “Payment Page | Payment Form for Stripe”. The Wordfence entry documents a stored cross‑site scripting (XSS) vulnerability via the parameter pricing_plan_select_text_font_family in all versions up to and including 1.4.6, caused by insufficient input sani...

6.4 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits 0 · References 4
CNNVD
added 2026/02/14 12:0 a.m. · 4 views

WordPress plugin Payment Page cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 4
Patchstack
added 2026/02/13 11:14 p.m. · 4 views

WordPress Payment Page | Payment Form for Stripe plugin <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Payment Page versions <= 1.4.6...

6.4 CVSS · 5.4 AI score · 0.00015 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/10/10 9:32 p.m. · 7 views

CVE-2025-11589 CodeAstro Gym Management System user-payment.php sql injection

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

6.5 CVSS · 0.0004 EPSS
Exploits 1 · References 5
CNNVD
added 2025/10/10 12:0 a.m. · 2 views

CodeAstro Gym Management System SQL injection vulnerability

CodeAstro Gym Management System is a gym management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Gym Management System version 1.0, which stems from an incorrect manipulation of the parameter plan in the file /admin/user-payment.php, which could lead to an SQL injectio...

8.8 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-30843

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00044 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-46421

Malicious code in bioql PyPI...

6.1 CVSS · 5.7 AI score · 0.0032 EPSS
Exploits 0 · References 2
OSV
added 2025/09/23 5:15 a.m. · 1 view

CVE-2025-10840

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 causes sql injection. The attack can be initiated remotely. The exploit has been made available to...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 5
CVE
added 2025/09/23 5:2 a.m. · 12 views

CVE-2025-10840

CVE-2025-10840 affects SourceCodester Pet Grooming Management Software 1.0. The vulnerability is a SQL injection in the file /admin/print-payment.php via manipulation of the sql111 argument, enabling remote exploitation. Public exploits exist. Multiple sources report impact across confidentiality...

8.8 CVSS · 6.7 AI score · 0.00044 EPSS
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2025/09/23 12:0 a.m. · 2 views

SourceCodester Pet Grooming Management Software SQL injection vulnerability

SourceCodester Pet Grooming Management Software is an open source pet grooming management system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, which originates from an incorrect manipulation of parameter sql111 in file...

8.8 CVSS · 6.9 AI score · 0.00044 EPSS
Exploits 1 · References 6
CNNVD
added 2025/06/30 12:0 a.m. · 1 view

Campcodes Sales and Inventory System security vulnerability

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. A security vulnerability exists in Campcodes Sales and Inventory System version 1.0, which originates from a SQL injection due to incorrect manipulation of the parameter cid in the file /pages/paymentadd.php...

9.8 CVSS · 7.7 AI score · 0.00277 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/06/30 12:0 a.m. · 0 views

PT-2025-27484 · Unknown · Campcodes Sales/Inventory System

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0
Description: A critical issue was found in the system, affecting some unknown functionality of the file "/pages/payment add.php". The manipulation of the cid argument leads to SQL injection. Th...

9.8 CVSS · 7.5 AI score · 0.00277 EPSS
Exploits 1 · References 12