233043 matches found
CVE-2026-9542
CodeAstro Leave Management System 1.0 has a SQL injection vulnerability in /admin/add_staff.php via manipulating the email_id parameter. The issue arises from an as‑yet unnamed function and is exploitable remotely, with public exploits available. CVSS metrics are provided (e.g., COND/PR/L impacts...
CVE-2026-9542 CodeAstro Leave Management System add_staff.php sql injection
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...
EUVD-2026-31815
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...
CVE-2026-9082
A flaw was found in Drupal core. This vulnerability, identified as an SQL Injection CWE-89, allows a remote attacker to execute malicious SQL commands. By exploiting this, an attacker could potentially access, modify, or delete sensitive data within the database, leading to information disclosure...
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System CMS vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns—where website...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-36220 DESCRIPTION: IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul...
WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
WordPress Events Schedule - WordPress Events Calendar Plugin plugin = 2.7.2 - SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Events Schedule - WordPress Events Calendar Plugin versions = 2.7.2...
CVE-2026-9528
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/deletejudge.php. Such manipulation of the argument judgeid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be...
CVE-2026-9525
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2026-9528 itsourcecode Electronic Judging System delete_judge.php sql injection
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/deletejudge.php. Such manipulation of the argument judgeid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be...
CVE-2026-9528 itsourcecode Electronic Judging System delete_judge.php sql injection
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/deletejudge.php. Such manipulation of the argument judgeid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be...
CVE-2026-9528
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/deletejudge.php. Such manipulation of the argument judgeid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be...
CVE-2026-9526
A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...
CVE-2026-9526 itsourcecode Electronic Judging System edit_team.php sql injection
A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...
EUVD-2026-31784
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2026-9525 itsourcecode Electronic Judging System edit_judge.php sql injection
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2026-9524 xianrendzw EasyReport REST Endpoint execute sql injection
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...
CVE-2026-9524
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...
EUVD-2026-31783
A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...
CVE-2026-9524
The CVE-2026-9524 entry concerns xianrendzw EasyReport (up to 2.0.17.0522_Beta). The vulnerable component is the REST Endpoint’s execute function, where manipulating the argument reportParams can cause SQL injection. This vulnerability enables remote execution with LOW privileges required and no ...