CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•8 views

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file/manageuser.php,...

7.5CVSS7.2AI score0.00254EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43599

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

WordPress plugin MasterStudy LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5CVSS5.9AI score0.0026EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7CVSS5.9AI score0.00239EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

8.7CVSS5.9AI score0.0032EPSS

CNNVD•added 2026/05/27 12:0 a.m.•7 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

7.1CVSS5.9AI score0.00274EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•11 views

PT-2026-44049

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.9AI score0.00288EPSS

ATTACKERKB•added 2026/05/27 12:0 a.m.•4 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.9AI score0.00288EPSS

ATTACKERKB•added 2026/05/26 11:30 p.m.•4 views

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

Exploits0References5Affected Software1

EUVD•added 2026/05/26 11:30 p.m.•7 views

EUVD-2026-32024

Vulnrichment•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606 itsourcecode Courier Management System manage_user.php sql injection

CVE•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606

The vulnerability CVE-2026-9606 affects itsourcecode Courier Management System 1.0, specifically the /manage_user.php component. The root cause is manipulation of the ID parameter that leads to a SQL injection, with remote exploitation confirmed and a public exploit disclosed. The CVSS-based data...

NVD•added 2026/05/26 10:16 p.m.•13 views

CVE-2026-9584

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

7.5CVSS0.00254EPSS

CVE•added 2026/05/26 9:15 p.m.•18 views

CVE-2026-9584

Code-projects Project Management System 1.0 is affected by a vulnerability in the Login chk.php component that allows remote SQL injection via an unspecified function. Exploitation is possible remotely and the exploit has been publicly disclosed, with exploit maturity listed as Proof-of-Concept. ...

Vulnrichment•added 2026/05/26 9:15 p.m.•9 views

CVE-2026-9584 code-projects Project Management System Login chk.php sql injection

NVD•added 2026/05/26 8:16 p.m.•10 views

CVE-2026-9573

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00259EPSS

NVD•added 2026/05/26 8:16 p.m.•9 views

CVE-2026-9575

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit h...

7.5CVSS0.00259EPSS

RedhatCVE•added 2026/05/26 8:15 p.m.•11 views

CVE-2026-9451

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.00246EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00246EPSS