CVE-2026-4577

CVE-2026-4577 affects code-projects Exam Form Submission 1.0. The vulnerability is in an unknown function of the file /admin/update_s4.php, where manipulating the argument sname can trigger cross-site scripting. The issue could be exploited remotely and the exploit has been made public. No furthe...

CVE-2026-4573

A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...

CVE-2026-4576 code-projects Exam Form Submission update_s5.php cross site scripting

A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/updates5.php. Such manipulation of the argument sname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and m...

CVE-2026-4576

CVE-2026-4576 affects code-projects Exam Form Submission 1.0. The issue is in an unknown function of /admin/update_s5.php where manipulation of the parameter sname triggers cross-site scripting. The attack can be launched remotely and public exploit information exists. The connected sources list ...

CVE-2026-4575

The CVE-2026-4575 entry concerns code-projects Exam Form Submission 1.0, where the argument sname in /admin/update_s2.php can be manipulated to trigger cross-site scripting. The flaw can be exploited remotely, and an exploit has been published and may be used. The available documents specify the ...

EUVD-2026-14339

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function orderinfo of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument orderid causes authorization bypass. It is possible ...

PT-2026-27194

A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly...

PT-2026-27196

A Reflected Cross-Site Scripting XSS vulnerability exists in the POST request data zipPath of tiki-admin system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...

📄 OpenEMR 8.0.0 Authenticated SQL Injection

OpenEMR version 8.0.0 authenticated remote SQL injection exploit that leverages the name parameter in ajax/graphs.php. ====================================================================================================================== | Title : OpenEMR 8.0.0 Authenticated SQL Injection via nam...

PT-2026-27050

Name of the Vulnerable Software and Affected Versions SourceCodester Simple E-learning System version 1.0 Description A security issue exists in SourceCodester Simple E-learning System 1.0. The issue is related to SQL injection within the /includes/form handlers/delete post.php file, specifically...

Kalcaddle Kodbox 操作系统命令注入漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of Kalcaddle Kodbox contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the...

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of directory restrictions on the import.json.php endpoint, which could allow arbitra...

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the standAloneFiles/control.json.php endpoint, which allowed users to control the streamerURL...

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the plugin/Live/standAloneFiles/saveDVR.json.php file. Thi...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from a logical error in the setPassword.json.php endpoint of the CustomizeUser plugin. This error could cau...

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the isSSRFSafeURL function, which allowed bypassing IPv6 addresses using IPv4 mapping. This could lead to...

PT-2026-27052

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0 Description A flaw exists in code-projects Exam Form Submission 1.0, involving the processing of the file '/admin/update s2.php'. Manipulation of the sname argument can lead to cross site scriptin...

PT-2026-27184

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The remindMe.json.php endpoint passes the $ REQUEST'live schedule id' variable through multiple functions without proper sanitization. This ultimatel...

Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates4.php, which may...

PT-2026-27191

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...