14410 matches found
CVE-2026-14796
CVE-2026-14796 affects CodeAstro Apartment Visitor Management System 1.0. Affected component: /apartment-visitor/report.php; vulnerability: SQL injection triggered by manipulating the fromdate parameter. Attackable remotely over network with no user interaction; attacker privileges required: LOW....
EUVD-2026-41802
A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...
CVE-2026-14789
Radare2 (radareorg) up to 6.1.6 has a stack-based buffer overflow in libr/bin/format/mdmp/mdmp.c of the Memory64ListStream Parser. The vulnerability requires local access; an exploit is public. Patch: 175d4addb68981331c85b10681c2161c38fb5762. Apply the official patch to address the issue.
CVE-2026-14786
The CVE affects radare2 (radareorg) up to version 6.1.6. The vulnerability is in the function r_str_word_get0set within libr/util/str.c, where input handling leads to an integer overflow. Exploitation requires local access, and exploitation details are publicly available via the referenced commit...
EUVD-2026-41791
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...
CVE-2026-14776
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...
CVE-2026-14773
A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
EUVD-2026-41780
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editroom.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may...
EUVD-2026-41779
A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...
CVE-2026-14768
CVE-2026-14768 affects code-projects Real State Services 1.0 and concerns the file /builderHome.php. The vulnerability arises from manipulation of the argument loc, enabling SQL injection. It is executable remotely and the exploit has been made publicly available. Documents do not specify the vul...
EUVD-2026-41778
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...
CVE-2026-14767
CodeAstro Ecommerce Website 1.0 contains a SQL injection in the POST Parameter Handler within /ecommerce-website-php/customer/confirm.php (invoice_no). The vulnerability can be triggered remotely; the exploit has been released publicly. The CVSS-derived metrics in the sources indicate network att...
CVE-2026-14767
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
EUVD-2026-41776
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...
EUVD-2026-41772
A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...
CVE-2026-14762
A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...
EUVD-2026-41771
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...
CVE-2026-14759
radareorg radare2 up to 6.1.6 is affected by a heap-based overflow in r_bin_java_inner_classes_attr_calc_size (shlr/java/class.c). The vulnerability is triggered via local manipulation of input and has a public exploit; a patch (commit cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87) is available to fix...
EUVD-2026-41769
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...
EUVD-2026-41763
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...