CVE-2026-33479
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $_REQUEST['sections'] array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...
WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Apicona versions <= 24.1.0...
WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meloo versions < 2.8.2...
CVE-2025-41008
CVE-2025-41008 affects Sinturno via SQL injection in the /_adm/scripts/modalReport_data.php endpoint, using the 'client' parameter. The vulnerability allows an attacker to retrieve, create, update, and delete databases, with network attack vector, low attack complexity, and no privileges required...
WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Borgholm versions < 1.6...
WordPress Ricky theme < 2.31 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Ricky versions < 2.31...
WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Tasty Daily versions < 1.27...
WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Goldish versions < 3.47...
EUVD-2026-14384
A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public...
CVE-2026-4579 code-projects Simple Laundry System Parameters viewdetail.php sql injection
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploi...
CVE-2026-4578
CVE-2026-4578 affects code-projects Exam Form Submission 1.0. The vulnerability is in the unknown function of /admin/update_s3.php, where manipulating the sname argument can lead to cross-site scripting. The attack can be launched remotely, and public disclosure of the exploit is noted. No remedi...
CVE-2026-4578 code-projects Exam Form Submission update_s3.php cross site scripting
A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicl...
CVE-2026-4577 code-projects Exam Form Submission update_s4.php cross site scripting
A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public...
CVE-2026-4577
A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public...
CVE-2026-4577
CVE-2026-4577 affects code-projects Exam Form Submission 1.0. The vulnerability is in an unknown function of the file /admin/update_s4.php, where manipulating the argument sname can trigger cross-site scripting. The issue could be exploited remotely and the exploit has been made public. No furthe...
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...
CVE-2026-4576 code-projects Exam Form Submission update_s5.php cross site scripting
A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and m...
CVE-2026-4576
CVE-2026-4576 affects code-projects Exam Form Submission 1.0. The issue is in an unknown function of /admin/update_s5.php where manipulation of the parameter sname triggers cross-site scripting. The attack can be launched remotely and public exploit information exists. The connected sources list ...
CVE-2026-4575
The CVE-2026-4575 entry concerns code-projects Exam Form Submission 1.0, where the argument sname in /admin/update_s2.php can be manipulated to trigger cross-site scripting. The flaw can be exploited remotely, and an exploit has been published and may be used. The available documents specify the ...
EUVD-2026-14339
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...