EUVD-2026-33636

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

CVE-2026-10256

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /savecomment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVE-2026-10256 itsourcecode Content Management System save_comment.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /savecomment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVE-2026-10256 itsourcecode Content Management System save_comment.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /savecomment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVE-2026-10255 SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

CVE-2026-10255 SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

CVE-2026-10255

The CVE concerns SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the function sell_statement of application/controllers/ShowForm.php, which enables manipulation leading to improper access controls. Exploitation is possible remotely and public disclosure is not...

CVE-2026-10255

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

CVE-2026-10253

A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /managepayment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

CVE-2026-10248

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function createsupplier of the file /Exportcsv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

CVE-2026-10244

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function createmedicinename of the file /ShowForm/createmedicinename/main. Performing a manipulation of the argument medicinename results in cross site scripting. The atta...

CVE-2026-10247

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...

CVE-2026-10245

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...

CVE-2026-10246

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

CVE-2026-10252

The CVE-2026-10252 entry concerns itsourcecode Online House Rental System 1.0. A vulnerability exists in an unknown function of /manage_tenant.php where manipulation of the ID parameter leads to SQL injection. Attacks can be initiated remotely, and the exploit has been publicly disclosed and may ...

Legacy-TJNULL-OSCP-

HackTheBox: Legacy Writeup An elegant, professional walkthroug...

CVE-2026-42000

A flaw was found in pdns. This vulnerability, stemming from insufficient validation of names during an Asynchronous Zone Transfer AXFR, allows a remote attacker to compromise the integrity of DNS data. By sending specially crafted requests, an attacker could potentially poison DNS caches or make...

EUVD-2026-33626

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...