EUVD-2026-34995

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

CVE-2026-11472 SourceCodester Class and Exam Timetabling System index1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

CodeAstro Student Attendance Management System 注入漏洞

CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter className in...

PT-2026-47271

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search staff to assign pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

PT-2026-47269

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...

ProjeQtor 12.4.3 SQL Injection Validator for Login Endpoints

This Python script is a defensive validation tool designed to identify potential SQL injection indicators in login functionality without modifying database contents or attempting exploitation...

PT-2026-47248

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists in the /archive1.php endpoint. This occurs when the sy argument is manipulated, allowing for remote exploitation. SQL injection is a techniq...

PT-2026-47589

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

PT-2026-47452

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...

PT-2026-47439

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home salary.php. The manipulation of the argument rate/salary rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which stems from improper handling of the parameter "Password...

PT-2026-47246

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

Everbrite BeikeShop 注入漏洞

Everbrite BeikeShop is an e-commerce system developed by China Everbright Corporation. Versions of Everbrite BeikeShop prior to 1.6.0.22 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of parameters with the value “settings.value” in the unknown function...

📄 Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution

Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1771)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1771 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

PT-2026-47251

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-11464

JeecgBoot v3.9.2 and earlier are affected by CVE-2026-11464. The vulnerability is in the User List Endpoint, specifically the function queryPageList in SysUserController.java. Manipulating the salt argument leads to information disclosure. The issue can be triggered remotely and is described as h...

CVE-2026-11456

CVE-2026-11456 affects Chanjet CRM 1.0, specifically the HTTP GET Request Handler’s /tools/jxf_dump_systable.php. Manipulating the argument gblOrgID enables SQL injection, as described in the CVE. The vulnerability can be triggered remotely, and a publicly available exploit is indicated. Affected...

EUVD-2026-34984

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...