PT-2026-45170

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign auth cookie of the file application/controllers/Login.php of the component MY Controller. Executing a manipulation of the...

Code-Projects Visitor Management System SQL注入漏洞

The Code-Projects Visitor Management System is an open-source visitor management system developed by Code-Projects. Version 1.0 of the code-projects Visitor Management System has a SQL injection vulnerability. This vulnerability arises from the parameter handling in the file/vms/php/phone0.php,...

Code-Projects Online Hospital Management System SQL注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the code-projects Online Hospital Management System has a SQL injection vulnerability. This vulnerability arises from an unknown function parameter in the...

PT-2026-45197

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...

PT-2026-45220

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. T...

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the parameter sysCmd in the formSysCmd function within the goform/formSysCmd file, which allows for...

glibc security update

An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries libc, POSIX thread librarie...

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

RLSA-2026:21468 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

EUVD-2018-21930

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25405 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

Exploit for CVE-2026-9789

CVE ID: CVE-2026-9789 Researcher: Vo Duc Thang ugvxb...