Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

GHSA-HJ5C-MHH2-G7JQ Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Summary The hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. Details The access contr...

EUVD-2026-21390

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

EUVD-2026-21392

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

EUVD-2026-21386

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

EUVD-2026-21373

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

CVE-2026-36232

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Hibernate library

Summary Due to use of the Hibernate library, DevOps Test Performance and Rational Performance Tester contain a potential SQL injection vulnerability. CVE-2026-0603 Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could...

WordPress User Registration & Membership plugin <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability

Authenticated Subscriber+ SQL Injection via membershipids vulnerability discovered by WordFence in WordPress Plugin User Registration versions = 5.1.2...

EUVD-2026-21326

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be us...

EUVD-2026-21350

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCHID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

EUVD-2026-21352

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

BIT-JOOMLA-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

CVE-2026-6038 code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

CVE-2026-6038 code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...