CVE-2026-4471

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-3980

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVE-2026-4850

A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The...

CVE-2026-4842

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

CVE-2026-4842

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

CVE-2026-4842 itsourcecode Online Enrollment System Parameter index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

CVE-2026-4839

A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-4836

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

CVE-2026-4839 SourceCodester Food Ordering System Parameter purchase.php sql injection

A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-4783

The CVE concerns itsourcecode College Management System 1.0. The vulnerability is in the Parameter Handler of the /admin/add-single-student-results.php file, where manipulating the course_code argument causes SQL injection. It can be exploited remotely and the exploit has been disclosed publicly....

CVE-2026-4777

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

CVE-2026-4777

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

PT-2026-27520

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4613 SourceCodester E-Commerce Site products.php sql injection

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-4612 itsourcecode Free Hotel Reservation System Parameter index.php sql injection

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

SQL Injection: Hibernate

Overview Affected versions of this package are vulnerable to SQL Injection: Hibernate via the geneEruptHqlOrderBy function. An attacker can execute arbitrary SQL commands by manipulating the sort.field argument remotely. Remediation Upgrade xyz.erupt:erupt-jpa to version 1.13.1 or higher...