CVE-2026-10301 itsourcecode Fees Management System index.php cross site scripting

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2026-10299 code-projects Online Hospital Management System viewdoctortimings.php resource injection

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVE-2026-10299

The CVE affects code-projects Online Hospital Management System 1.0. A flaw in viewdoctortimings.php allows manipulation of the delid parameter, leading to improper control of resource identifiers (an IDOR-like issue) that can be exploited remotely. The exploit is publicly available. The descript...

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

CVE-2026-10290

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0060

In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0044

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-10297

The CVE-2026-10297 entry concerns itsourcecode Fees Management System 1.0. An SQL injection vulnerability exists in an unknown area of /manage_course.php triggered by manipulating the ID parameter. The issue allows remote initiation and is accompanied by a publicly available exploit. No vendor na...

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2025-59606 NULL Pointer Dereference in HLOS

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

CVE-2025-59605 Out-of-bounds Write in HLOS

Memory Corruption when processing device identifier strings that exceed the expected maximum length...

CVE-2026-36324

SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...

CVE-2026-10155

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...