46 matches found
CVE-2026-10208
A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
CVE-2026-4842 itsourcecode Online Enrollment System Parameter index.php sql injection
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...
CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...
NewStart CGSL MAIN 6.06 (SP) : bind Multiple Vulnerabilities (NS-SA-2026-0006)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which...
CVE-2026-3200
A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...
CVE-2026-2176
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
CVE-2026-2014
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
IBM Db2 Security Vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which arises from improper neutralization of speci...
CVE-2026-1449
A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function PageLoad of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack...
Johnson Controls Metasys Products
RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2023-4182
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file editsell.php. The manipulation of the argument uppid leads to sql injection. It is possible to initiate the attack remotely. The identifier...
CVE-2025-14570
CVE-2025-14570 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the file routes involving the parameter that controls the admin ID (notably /view_admin.php or /view admin.php in variants) where improper handling/manipulation of the admin_id parameter enables S...
CVE-2025-11585 code-projects Project Monitoring System useredit.php sql injection
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
PT-2025-41226
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Transcript Processing System version 1.0 Description: A weakness exists in itsourcecode Student Transcript Processing System 1.0. The issue involves the potential for SQL injection through manipulation of the uname argument...
EUVD-2025-24025
Malicious code in bioql PyPI...
EUVD-2025-25014
Malicious code in bioql PyPI...
EUVD-2025-27178
Malicious code in bioql PyPI...
EUVD-2025-26366
Malicious code in bioql PyPI...
PHPGurukul Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from the /get-quote.php file, which does not perform security filtering on the Contact parameter. An attacker can exploit this vulnerability to illegally manipulate the...
PT-2025-35411
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the user id argument in an unknown function within the /ajax/updateProfile.php file. This allows for remote exploitation...