Lucene search
K

652 matches found

Cvelist
Cvelist
added 2026/02/18 10:32 p.m.26 views

CVE-2026-2682 Tsinghua Unigroup Electronic Archives System prinReport.html sql injection

A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Such manipulation of the argument comid leads to sql injection. The attack can be launched remotely. The...

6.5CVSS0.00346EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/09 5:32 a.m.3 views

CVE-2026-2217

A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manageuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be us...

7.5CVSS7.2AI score0.00323EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/02/09 1:16 a.m.10 views

CVE-2026-2199

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...

9.8CVSS0.00323EPSS
Exploits1References5
OSV
OSV
added 2026/02/08 11:15 p.m.4 views

CVE-2026-2190

A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the...

9.8CVSS5.8AI score0.00381EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/08 6:32 p.m.5 views

CVE-2026-2173

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/08 5:16 a.m.2 views

CVE-2026-2134

A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has bee...

7.2CVSS5.7AI score0.00306EPSS
Exploits1References5
NVD
NVD
added 2026/02/08 12:16 a.m.5 views

CVE-2026-2116

A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS0.00381EPSS
Exploits1References5
NVD
NVD
added 2026/02/07 4:15 a.m.12 views

CVE-2026-2073

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

9.8CVSS0.00323EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.6 views

PT-2026-6937

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System version 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit activity.php file, specifically...

9.8CVSS5.5AI score0.00323EPSS
Exploits1References11
NVD
NVD
added 2026/02/06 9:15 a.m.8 views

CVE-2026-2012

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

9.8CVSS0.00326EPSS
Exploits1References5
NVD
NVD
added 2026/02/01 1:15 p.m.4 views

CVE-2021-47916

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2021-47918

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS6AI score0.00511EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.7 views

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

9.5CVSS6AI score0.0144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.5 views

Johnson Controls Metasys’ various products have security vulnerabilities

Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...

9.5CVSS7.6AI score0.0144EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 3:16 p.m.4 views

CVE-2026-1594

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...

9.8CVSS5.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.10 views

PT-2026-5297

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System that allows for remote manipulation of the ID argument in the file /ramonsys/faculty/index.php, leading to a SQL injection. Th...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References10
CVE
CVE
added 2026/01/28 9:2 p.m.17 views

CVE-2026-1535

CVE-2026-1535 affects code-projects Online Music Site 1.0. The vulnerability exists in the file /Administrator/PHP/AdminReply.php, where manipulation of the ID argument leads to an SQL injection. This is remotely exploitable (network vector) and, per connected sources, the exploit has been public...

9.8CVSS5.8AI score0.00416EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5225

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A security issue exists in code-projects Online Music Site 1.0. Manipulation of the ID argument in the file /Administrator/PHP/AdminReply.php can lead to SQL injection. This issue is...

9.8CVSS5.8AI score0.00416EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

Browan Communications PrismX MX100 Trust Management Vulnerability

The Browan Communications PrismX MX100 is a wireless router produced by Browan Communications in Taiwan, China. The PrismX MX100 has a trust management vulnerability, which stems from the use of hard-coded credentials. This vulnerability could allow unverified remote attackers to log into databas...

9.8CVSS5.8AI score0.00436EPSS
Exploits0References2
OSV
OSV
added 2026/01/19 3:16 a.m.4 views

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS6.9AI score0.00493EPSS
Exploits0References4
Rows per page
Query Builder