EUVD-2026-31707

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

CVE-2026-9471

CVE-2026-9471 affects yashpokharna2555 StudentManagementSystem, specifically the /student.php file. The description states that manipulating the FIRST_NAME argument allows cross-site scripting, with remote initiation and a publicly available exploit. No product version details are provided. CVSS ...

CVE-2026-9470

The CVE-2026-9470 entry concerns the yashpokharna2555 StudentManagementSystem. A SQL injection vulnerability affects the file student_trans.php, in the function confirm_logged_in, resulting from manipulation of the FIRST_NAME/Last_Name/EMAIL arguments. Attacks can be launched remotely. Public dis...

CVE-2018-25374

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

CVE-2018-25363

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

EUVD-2026-31701

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

CLSA-2026-1779292803 Fix CVE(s): CVE-2026-6735

SECURITY UPDATE: XSS within status endpoint in PHP-FPM - debian/patches/CVE-2026-6735.patch: XSS within status endpoint in PHP-FPM - CVE-2026-6735...

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

EUVD-2026-31660

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-9445

CVE-2026-9445 affects SourceCodester Simple POS and Inventory System 1.0. The vulnerability is in an unrestricted upload through the /admin/addproduct.php file (File Extension Handler); manipulating the image argument enables remote code upload. Impact and exploitation details indicate remote exp...

CVE-2026-9444

SourceCodester Simple POS and Inventory System 1.0 is affected in /admin/deleteproduct.php (GET Parameter Handler). The vulnerability occurs when the ID argument is manipulated, resulting in SQL injection. The issue may be exploited remotely and the exploit is public. No additional technical deta...

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...