Important: php8.5

Issue Overview: uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer difference truncation to int in various places. CVE-2026-44927 In uriparser before 1.0.2, t...

CVE-2026-9484 SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroomid can lead to improper authorization...

CVE-2026-9474

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9471

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

EUVD-2026-31707

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9471

CVE-2026-9471 affects yashpokharna2555 StudentManagementSystem, specifically the /student.php file. The description states that manipulating the FIRST_NAME argument allows cross-site scripting, with remote initiation and a publicly available exploit. No product version details are provided. CVSS ...

CVE-2026-9470

The CVE-2026-9470 entry concerns the yashpokharna2555 StudentManagementSystem. A SQL injection vulnerability affects the file student_trans.php, in the function confirm_logged_in, resulting from manipulation of the FIRST_NAME/Last_Name/EMAIL arguments. Attacks can be launched remotely. Public dis...

CVE-2018-25374

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

EUVD-2026-31701

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

CLSA-2026-1779292803 Fix CVE(s): CVE-2026-6735

SECURITY UPDATE: XSS within status endpoint in PHP-FPM - debian/patches/CVE-2026-6735.patch: XSS within status endpoint in PHP-FPM - CVE-2026-6735...

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

EUVD-2026-31660

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...