
216519 matches found

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32631

CVE-2026-37590 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. https://t.co/qyv3LzlzU6...

CVSS 2.7, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 3

Positive Technologies
added 2026/04/14 12:0 a.m., 6 views

PT-2026-32634

CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. https://t.co/c4uhTDec9s...

CVSS 2.7, AI score 5.8, EPSS 0.0019
Exploits: 0, References: 3

CNNVD
added 2026/04/14 12:0 a.m., 6 views

Webkul Krayin CRM security vulnerability

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an SQL injection issue with the rottenlead parameter in the...

CVSS 7.1, AI score 5.9, EPSS 0.00191
Exploits: 1, References: 2

CVE
added 2026/04/14 12:0 a.m., 4 views

CVE-2025-63939

CVE-2025-63939 affects the anirudhkannan Grocery Store Management System 1.0. The vulnerability is caused by improper input handling in /Grocery/search_products_itname.php, allowing SQL injection via the sitem_name POST parameter. The entry carries a CVSS v3.1 base score of 9.8 (CRITICAL) with NE...

CVSS 9.8, AI score 5.9, EPSS 0.00269
Exploits: 1, References: 1

CVE
added 2026/04/14 12:0 a.m., 7 views

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. The root cause is unsafe SQL query handling, enabling potential data leakage or modification. The CVSS metrics indicate a low severity (Base ...

CVSS 2.7, AI score 5.9, EPSS 0.00186
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 7 views

CVE-2026-37601

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. The CVE notes a database-query flaw exploitable via that PHP endpoint, but no specific impact, affected version ranges beyond v1.0, or concrete...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 7 views

CVE-2026-37596

CVE-2026-37596 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in the file /wfh_attendance/admin/manage_department.php. Documents confirm the affected product and vulnerable component, but do not provide remediation steps, exploi...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 26 views

CVE-2026-37593

CVE-2026-37593 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The connected sources indicate a SQL Injection vulnerability in the file /wfh_attendance/admin/view_att.php. The CVE record provides a LOW severity (CVSSv3.1 base score 2.7) with attack vector NETWORK an...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 6 views

CVE-2026-37592

CVE-2026-37592 affects SourceCodester Storage Unit Rental Management System v1.0. Multiple sources report a SQL injection in /storage/admin/maintenance/manage_pricing.php, indicating an input-related vulnerability in that PHP file. The CVSS metrics provided show a Low severity (base score 2.7) wi...

CVSS 2.7, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 6 views

CVE-2026-37594

CVE-2026-37594 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in /wfh_attendance/admin/view_employee.php, caused by unsafe SQL handling in that file. The available data identifies the issue but does not provide exploitation deta...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 7 views

CVE-2026-37602

SourceCodester Patient Appointment Scheduler System v1.0 is affected by a SQL Injection in /scheduler/admin/user/manage_user.php. The CVE reports a low-severity issue (CVSS v3.1: 2.7, LOW) with NETWORK attack vector, HIGH privileges required, and no user interaction. Impact is limited to confiden...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 9 views

CVE-2026-37590

CVE-2026-37590 affects SourceCodester Storage Unit Rental Management System v1.0. The vulnerability is a SQL Injection in /storage/admin/rents/manage_rent.php, with CVSS v3.1 stats indicating network access, low base score (2.7) and confidentiality impact low; integrity/availability unaffected pe...

CVSS 2.7, AI score 5.9, EPSS 0.00186
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 10 views

CVE-2026-37589

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in /storage/admin/maintenance/manage_storage_unit.php. The CVE entry (CVE-2026-37589) is corroborated by multiple sources (NVD, ENISA EUVD, CVE List, AttackersKB, CVE enrichment) indicating a SQL injection fl...

CVSS 2.7, AI score 5.9, EPSS 0.00186
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 6 views

CVE-2026-37600

CVE-2026-37600 affects SourceCodester Patient Appointment Scheduler System v1.0. The vulnerability is a SQL Injection in the file /scheduler/admin/appointments/view_details.php. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N with a base score of 2.7 (LOW). According to the da...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits: 0, References: 1

CNNVD
added 2026/04/14 12:0 a.m., 6 views

Fortinet FortiClientEms security vulnerability

Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. There is a security vulnerability in Fortinet FortiClientEms, which stems from SQL injection attacks. This vulnerability may allow for the execution of unauthorized code or commands. The followi...

CVSS 6.7, AI score 6.1, EPSS 0.00133
Exploits: 0, References: 1

CVE
added 2026/04/14 12:0 a.m., 11 views

CVE-2026-37591

CVE-2026-37591 affects SourceCodester Storage Unit Rental Management System v1.0. The vulnerability is an SQL injection in the file /storage/admin/tenants/view_details.php, reported across multiple sources (NVD/EUVD/CVE listings). The available descriptions do not specify the root cause details b...

CVSS 2.7, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 1

Vulnrichment
added 2026/04/14 12:0 a.m., 4 views

CVE-2026-38528

Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rottenlead parameter at /Lead/LeadDataGrid.php...

CVSS 7.1, AI score 5.9, EPSS 0.00191
Exploits: 1, References: 2

Positive Technologies
added 2026/04/14 12:0 a.m., 7 views

PT-2026-32641

CVE-2026-37601 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. https://t.co/UmuQdNNj6l...

CVSS 2.7, AI score 5.8, EPSS 0.0019
Exploits: 0, References: 3

EUVD
added 2026/04/13 9:30 p.m., 1 view

EUVD-2026-22069

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVSS 6.5, AI score 5.7, EPSS 0.00196
Exploits: 0, References: 6

NVD
added 2026/04/13 9:16 p.m., 10 views

CVE-2026-32271

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

CVSS 7.7, EPSS 0.00476
Exploits: 0, References: 2