
88 matches found

Vulnrichment
added 6 days ago, 2 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi_user.php script with parameters like iduser, password, and leve...

CVSS 6.9 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/26 11:30 p.m., 3 views

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

CVSS 7.5 | AI score 6.8 | EPSS 0.00039
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/05/06 6:12 p.m., 24 views

CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

EPSS 0.00009
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/27 12:0 a.m., 5 views

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 7.5 | AI score 5.5 | EPSS 0.00043
Exploits: 0 | References: 6
ATTACKERKB
added 2026/04/14 12:0 a.m., 0 views

CVE-2026-37602

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manageuser.php...

AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 2
EUVD
added 2026/03/31 12:31 p.m., 0 views

EUVD-2026-17353

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/31 10:0 a.m., 0 views

CVE-2026-5197

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/03/08 2:15 p.m., 1 views

CVE-2026-3737

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...

CVSS 6.5 | EPSS 0.00048
Exploits: 1 | References: 5
RedhatCVE
added 2026/02/09 7:23 p.m., 3 views

CVE-2026-2158

A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /checkuser.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely...

CVSS 9.8 | AI score 5.5 | EPSS 0.00053
Exploits: 1 | References: 1
NVD
added 2026/02/06 8:15 a.m., 6 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00011
Exploits: 1 | References: 5
CNNVD
added 2026/02/06 12:0 a.m., 2 views

SourceCodester Gas Agency Management System Access Control Error Vulnerability

The SourceCodester Gas Agency Management System is an open-source gas agency management system developed by SourceCodester. Version 1.0 of the SourceCodester Gas Agency Management System contains a vulnerability related to access control. This vulnerability arises from improper handling of the fi...

CVSS 6.5 | AI score 6.6 | EPSS 0.00011
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/02 4:32 a.m., 1 views

CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

CVSS 4.8 | AI score 4 | EPSS 0.00049
Exploits: 1 | References: 5
Talos
added 2026/01/20 12:0 a.m., 3 views

MedDream PACS Premium modifyUser reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2268 MedDream PACS Premium modifyUser reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54853 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyUser functionality of MedDream PACS Premium...

CVSS 6.1 | AI score 5.7 | EPSS 0.00064
Exploits: 1
Positive Technologies
added 2025/12/14 12:0 a.m., 2 views

PT-2025-51148

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A flaw exists in the Student File Management System that allows for remote code execution. The issue is located in the file /admin/delete user.php and involves the manipulati...

CVSS 9.8 | AI score 7.9 | EPSS 0.0004
Exploits: 1 | References: 12
Vulnrichment
added 2025/12/13 4:32 p.m., 3 views

CVE-2025-14621 code-projects Student File Management System update_user.php sql injection

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument userid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVSS 7.5 | AI score 6.7 | EPSS 0.00028
Exploits: 1 | References: 5
Vulnrichment
added 2025/12/08 9:32 a.m., 2 views

CVE-2025-14226 itsourcecode Student Management System edit_user.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

CVSS 7.5 | AI score 7 | EPSS 0.00028
Exploits: 1 | References: 5
EUVD
added 2025/10/27 6:32 a.m., 1 views

EUVD-2025-36099

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 8.8 | AI score 6.3 | EPSS 0.0003
Exploits: 1 | References: 6
CVE
added 2025/10/27 1:32 a.m., 5 views

CVE-2025-12201

The CVE-2025-12201 entry concerns ajayrandhawa User-Management-PHP-MYSQL. Affects an unknown portion of the file /admin/edit-user.php in the User Management Interface. Manipulation of the image parameter enables unrestricted file uploads, with remote exploitation possible. Public exploit informat...

CVSS 7.2 | AI score 6.4 | EPSS 0.00061
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/10/13 8:2 a.m., 2 views

CVE-2025-11668 code-projects Automated Voting System update_user.php sql injection

A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 5.8 | AI score 6.7 | EPSS 0.00012
Exploits: 1 | References: 5
NVD
added 2025/10/11 7:15 p.m., 1 views

CVE-2025-11611

A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public...

CVSS 8.8 | EPSS 0.0004
Exploits: 1 | References: 5