PT-2026-35336

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publi...

CVE-2026-38935

Diskover Community is affected by a reflected XSS in public/view.php via the doctype parameter, impacting versions

Code-Projects Chat System 加密问题漏洞

Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a security vulnerability related to encryption. This vulnerability stems from the parameter “Password” in the MD5 Hash Handler component’s “updateuser.php” file,...

CVE-2026-38936

Diskover-Community

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from unknown code in the 370project/delete.php file, which...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

EUVD-2026-25890

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

CVE-2026-38936

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/selectindices.php via the namecontains parameter...

EUVD-2021-23041

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

PT-2026-35457

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

CVE-2021-36438

The CVE-2021-36438 entry concerns a SQL injection in the Sourcecodester Online Job Portal phppdo 1.0, exploitable via the category parameter in /jobportal/index.php. Affected component: the phppdo 1.0 web app; root cause is unvalidated input in category leading to SQL injection. Impact is describ...

Juniper Junos OS Multiple Vulnerabilities (JSA88120)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88120 advisory. - In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length...

[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc6-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

IMF-1-walkthrough

IMF: 1 — Boot2Root Walkthrough Platform: VulnHub Diff...

CVE-2026-5364

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...

PT-2026-34840

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 times 10000$ pixels. While the compressed file size ...

WordPress plugin Drag and Drop File Upload for Contact Form 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

📄 MetInfo CMS 8.1 PHP Code Injection

This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...

JLSEC-2026-180

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB...