CVE-2026-8115 gyoridavid short-video-maker REST API rest.ts path traversal

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-2553 tushar-2223 Hotel-Management-System HTTP POST Request home.php sql injection

A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results in sql injection...

CVE-2023-4740

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=email/api/delDraft=0 of the component Delete Draft Handler. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-0544

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public an...

CVE-2025-12917

TOZED ZLT T10/T10PLUS_3.04.15: vulnerability in an unknown function of the /reqproc/proc_post file within the Reboot Handler can cause denial of service. Exploitation requires local network access; an exploit is publicly available. Multiple sources (Red Hat, EUVD, NVD, CVE/CVElist, CNNVD, PT-2025...

CVE-2025-12289

A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activitystate/1/categoryid/1001. Executing manipulation of the argument categoryid can lead to...

CVE-2025-10328

A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely...

CVE-2025-9749

CVE-2025-9749 affects HKritesh009 Grocery List Management Web App (up to f491b681eb70d465f445c9a721415c965190f83b). The vulnerability is an SQL injection in an unknown portion of /src/update.php triggered by manipulating the ID parameter, with remote exploitation possible. Public exploit exists. ...

CVE-2025-9608

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The...

CVE-2025-9655

CVE-2025-9655 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The issue arises from manipulating the Description argument in the /x_organization_assemble_control/jaxrs/person/ file, enabling cross-site scripting. Exploitation can be performed remotely. Vendo...

PT-2025-34701 · Oitcode · Oitcode Samarium

Name of the Vulnerable Software and Affected Versions: oitcode samarium versions through 0.9.6 Description: A security flaw exists in oitcode samarium up to version 0.9.6. The issue affects unknown code within the /cms/webpage/ file of the Pages Image Handler component and allows for cross-site...

CVE-2025-8806

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

CVE-2025-5971

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument namestartsWith leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

CVE-2024-5893

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploi...

CVE-2024-12983

A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site...

CVE-2023-1607

A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2025-3400

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.20520250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-3216

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. T...