CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

CVE-2026-9349

CVE-2026-9349 affects cal.com (cal.diy) up to version 4.9.4, specifically the function getServerSideProps in apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the Generic React API. The issue arises from manipulation of the arguments cancelledBy and rescheduledBy, lea...

CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

CVE-2026-3765

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-3765 itsourcecode University Management System att_single_view.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

itsourcecode University Management System SQL注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “dt” in the file...

CVE-2026-3412

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /attsingleview.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-3412 itsourcecode University Management System att_single_view.php cross site scripting

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /attsingleview.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-3412

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /attsingleview.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-3412 itsourcecode University Management System att_single_view.php cross site scripting

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /attsingleview.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

PT-2026-22543

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att single view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

PT-2025-47727

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh crm ticket single view client' due to missing validation on a user controlled key. This makes it possible for...

Moodle 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities

Binary data 9193.prm...

Moodle Single View Design Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in Single View in versions 2.8.x prior to Moodle 2.8.1...