PT-2026-24051

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo send' parameter in the '/assets/php/calculate discount.php'...

RHEL 9 : php (RHSA-2026:4086)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4086 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...

TLS 1.3 SNI Scanner

A command-line PHP vulnerability testing tool was developed to analyze TLS behavior through observation and logical reasoning, rather than relying on fixed rules or CVE numbers. The tool establishes multiple TLS connections to the same server and port using different SNI values. It then compares...

Chamilo index.php file SQL injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo index.php file contains a SQL injection vulnerability , an attacker can use the vulnerability to execute illegal SQL commands to steal sensitive database data...

📄 tpAdmin 1.3.12 Shell Upload

tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect operations with the sell...

RHEL 9 : php (RHSA-2026:4077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4077 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...

openSUSE Security Advisory (SUSE-SU-2026:0825-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-3771 SourceCodester/janobe Resort Reservation System accomodation.php sql injection

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVE-2026-3763

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVE-2026-3763 code-projects Simple Flight Ticket Booking System showhistory.php cross site scripting

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVE-2026-3754

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /addstock.php. Performing a manipulation of the argument cost results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-3745

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-3745

CVE-2026-3745 affects code-projects’ Student Web Portal 1.0. An unknown function in profile.php allows manipulation of the User argument, resulting in an SQL injection. The vulnerability is remotely exploitable and, per the sources, the exploit has been publicly disclosed. Affected impact is desc...

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2026-3744 code-projects Student Web Portal signup.php valreg_passwdation sql injection

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2026-3744

CVE-2026-3744 affects code-projects Student Web Portal 1.0. The vulnerability is in the function valreg_passwdation of signup.php, where the reg_passwd argument can be manipulated to trigger a SQL injection. It is a remote, publicly disclosed exploit (PoC present in multiple sources). The issue i...

CVE-2026-3737

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...

CVE-2026-3723

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released t...

CVE-2026-3724

The CVE-2026-3724 issue affects SourceCodester Patients Waiting Area Queue Management System 1.0, with a vulnerability in /checkin.php where manipulating the argument patient_id causes improper authorization. This can be triggered remotely and an exploit is publicly available. Impact is described...