93385 matches found
PT-2026-22182
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.10 Description SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL...
SPIP 安全漏洞
SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.10 contained security vulnerabilities. These vulnerabilities stemmed from PHP type conversion, which allowed unauthorized attackers to bypass authentication and access protected informati...
CVE-2026-27613
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
CVE-2026-3171 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting
A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to b...
CVE-2026-3170
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed...
CVE-2026-3151
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...
CVE-2026-3153
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...
CVE-2026-3164 itsourcecode News Portal Project contactus.php sql injection
A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...
CVE-2026-3153 itsourcecode Document Management System register.php sql injection
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...
CVE-2026-3153
The CVE-2026-3153 entry concerns itsourcecode Document Management System 1.0. A vulnerability in the /register.php file allows manipulation of the Username parameter to perform a SQL injection, with remote exploitation indicated. Multiple connected sources (Red Hat, EU vulnerability catalogs, CVE...
CVE-2026-3069
A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...
CVE-2026-3148
CVE-2026-3148 affects SourceCodester Simple and Nice Shopping Cart Script v1.0. A SQL injection vulnerability exists in an unknown function in /signup.php via manipulation of the Username argument, with remote exploitation and a publicly disclosed exploit. Multiple connected sources corroborate t...
Exploit for Command Injection in Magnussolution Magnusbilling
CVE-2023-30258 — Magnus Billing v7 Command Injection PoC...
CVE-2026-27632
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...
CVE-2026-24896
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...
CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...
CVE-2026-3133
A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...
CVE-2026-3133
A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...
SourceCodester Mvuma Patients Waiting Area Queue Management System 代码注入漏洞
SourceCodester Mvuma Patients Waiting Area Queue Management System is an open-source system for patient waiting area queue management developed by SourceCodester. Version 1.0 of the SourceCodester Mvuma Patients Waiting Area Queue Management System contains a code injection vulnerability. This...
PT-2026-21886
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed...