
64 matches found

ATTACKERKB
added 3 days ago, 5 views

CVE-2026-10261

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVSS 7.5, AI score 6.9, EPSS 0.00033
Exploits: 0, References: 6, Affected Software: 1
CVE
added 3 days ago, 8 views

CVE-2026-10261

CVE-2026-10261 affects CodeAstro Online Job Portal 1.0. A flaw in /users/application_status.php allows manipulation of the ID argument to cause SQL injection. This can be exploited remotely; exploitation details have been published.

CVSS 7.5, AI score 6.9, EPSS 0.00033
Exploits: 0, References: 6
Snyk
added 2026/05/01 11:30 p.m., 6 views

Directory Traversal

Overview: mcp-game-asset-gen is an MCP server for asset generation - image, video, audio, and 3D APIs for game development. Affected versions of this package are vulnerable to Directory Traversal via the image_to_3d_async function when processing the statusFile argument. An attacker can access or modif...

CVSS 7.5, AI score 7.5, EPSS 0.00066
Exploits: 0, References: 2
CVE
added 2026/05/01 8:30 p.m., 11 views

CVE-2026-7594

CVE-2026-7594 affects Flux159 mcp-game-asset-gen 0.1.0. The vulnerability is in the MCP Interface component, specifically the image_to_3d_async function in src/index.ts, where manipulation of the statusFile argument leads to path traversal. It can be exploited remotely, and public exploits ex...

CVSS 7.5, AI score 6.8, EPSS 0.00066
Exploits: 0, References: 5
Positive Technologies
added 2026/05/01 12:00 a.m., 2 views

PT-2026-36546

Name of the Vulnerable Software and Affected Versions: Flux159 mcp-game-asset-gen version 0.1.0. Description: A path traversal issue exists in the MCP Interface component within the image_to_3d_async function of the src/index.ts file. This flaw allows remote attackers to perform path traversal by...

CVSS 7.5, AI score 7.1, EPSS 0.00066
Exploits: 0, References: 9
NVD
added 2026/04/27 6:16 p.m., 2 views

CVE-2026-7143

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 6.5, EPSS 0.00036
Exploits: 0, References: 5
Cvelist
added 2026/04/27 5:15 p.m., 26 views

CVE-2026-7143 1000 Projects Portfolio Management System MCA block_status.php sql injection

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 6.5, EPSS 0.00036
Exploits: 0, References: 5
UbuntuCve
added 2026/02/21 8:16 a.m., 2 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.2, EPSS 0.00013
Exploits: 2, References: 5
Tenable Nessus
added 2026/02/21 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-27470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a...

CVSS 8.8, AI score 6.2, EPSS 0.00013
Exploits: 2, References: 3
CNNVD
added 2025/12/28 12:00 a.m., 1 view

ZSPACE Z4Pro+ Command Injection Vulnerability

ZSPACE Z4Pro+ is a private cloud storage device from China Pole Space ZSPACE. A command injection vulnerability exists in ZSPACE Z4Pro+ version 1.0.0440024, which originates from a misuse of the function zfilev2apiSafeStatus in the file /v2/file/safe/status, which could lead to command injection...

CVSS 8.8, AI score 6.8, EPSS 0.00166
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-0725

Malware in sbrugna...

CVSS 2.1, AI score 4.5, EPSS 0.00108
Exploits: 0, References: 16
Tenable Nessus
added 2025/08/24 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2007-1269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed...

CVSS 5, AI score 5.6, EPSS 0.01467
Exploits: 1, References: 2
Tenable Nessus
added 2025/08/24 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2007-1268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and...

CVSS 5, AI score 5.6, EPSS 0.01467
Exploits: 1, References: 2
CNVD
added 2025/06/17 12:00 a.m., 1 view

Restaurant Table Booking System check-status.php file cross-site scripting vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /check-status.php,...

CVSS 5.4, AI score 6.2, EPSS 0.00157
Exploits: 1, References: 1
CNNVD
added 2025/06/10 12:00 a.m., 1 view

PHPGurukul Restaurant Table Booking System Security Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /check-status.php,...

CVSS 5.4, AI score 6.1, EPSS 0.00157
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 3:15 a.m., 2 views

CVE-2023-2244

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/updatestatus.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to...

CVSS 9.8, AI score 8, EPSS 0.00297
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 2:57 a.m., 1 view

CVE-2023-1042

A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /petshop/admin/orders/updatestatus.php. The manipulation of the argument oid with the input 1" leads to cross site scripting. The attack c...

CVSS 6.1, AI score 6, EPSS 0.00245
Exploits: 1, References: 1
CNNVD
added 2025/05/16 12:00 a.m., 1 view

Bohua NetDragon Firewall Injection Vulnerability

Bohua NetDragon Firewall is a firewall from Bohua. An injection vulnerability exists in Bohua NetDragon Firewall version 1.0, which stems from improper handling of the parameter subnet in the file /systemstatus/ipstatus.php, which could lead to command injection...

CVSS 6.5, AI score 6.8, EPSS 0.0105
Exploits: 0, References: 5
Vulnrichment
added 2025/05/08 12:00 a.m., 6 views

CVE-2025-45818

Slims Senayan Library Management Systems 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/masterfile/itemstatus.php...

AI score 6.8, EPSS 0.00149
Exploits: 1, References: 2
OSV
added 2024/11/10 8:15 a.m., 1 view

CVE-2024-11051

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/onlinestatus.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch t...

CVSS 8.8, AI score 5.7
Exploits: 0, References: 4