7 matches found
CVE-2026-13542
The CVE-2026-13542 entry concerns itsourcecode Hospital Management System 1.0. Affected is an unknown function in the file /doctorprofile.php where manipulation of the doctorname parameter enables SQL injection. The vulnerability can be triggered remotely, with public exploit disclosure reported ...
CVE-2026-7158
The CVE-2026-7158 entry concerns the dmitryglhf mcp-url-downloader project. The vulnerability affects the function _validate_url_safe in src/mcp_url_downloader/server.py and is triggered by manipulating the url argument, resulting in server-side request forgery (SSRF). The issue is exploitable re...
EUVD-2026-25137
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2025-12260 TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to...
CVE-2025-10424
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/facultycontroller.php. This manipulation of the argument newimage causes unrestricted upload. The attack is...
PT-2025-33439 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A vulnerability was identified in the processing of the file /admin/sms setting.php. Manipulation of the uname argument leads to a SQL injection. The attack may be...
CVE-2025-8989
The connected documents provide concrete details for CVE-2025-8989: a SQL injection vulnerability in SourceCodester COVID 19 Testing Management System 1.0, caused by improper handling of the mobilenumber parameter in /edit-phlebotomist.php. The issue is exploitable remotely and may affect other p...