PT-2026-21318
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2025-13084
The groov View API exposes a users endpoint that returns a list of all users with metadata including their API keys. Access requires an Editor role, but the endpoint reveals API keys for all users, including Administrators, creating potential exposure and confidentiality impact. The issue is docu...
CVE-2025-6567
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/viewapplication.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated...
CVE-2021-24046
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0...
CVE-2025-4715
Campcodes Sales and Inventory System 1.0 contains a SQL injection in the /pages/view_application.php file. The vulnerability is triggered by manipulating the cid parameter, allowing remote exploitation. Multiple sources in the provided documents confirm the issue and its public disclosure, with n...
CampCodes Sales and Inventory System Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Sales and Inventory System, which stems from SQL injection due to incorrect manipulation of the parameter cid in the file...
CVE-2024-55058
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...
CVE-2024-4093
A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file viewapplication.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit ha...
Simple Subscription Website SQL Injection Vulnerability
Simple Subscription Website is an open source, web-based simple subscription application by Carlo Montero Personal Developer. It is used to provide companies with possible members to apply for plans that offer certain services. A SQL injection vulnerability exists in Simple Subscription Website...
CVE-2022-30414
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/viewapplication&id=...
Covid-19 Travel Pass Management System SQL Injection Vulnerability
Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. It provides an online platform for individuals to submit travel passes within the Covid-19 restrictions. Covid-19 Travel Pass Management System v1.0 suffers from an SQL injection vulnerability that originates in...
AppCrashView - View Application Crashes (.wer files)
AppCrashView is a small utility for Windows Vista and Windows 7 that displays the details of all application crashes that occurred in your system. The crash information is extracted from the .wer files created by the Windows Error Reporting (WER) component of the operating system every time that a cra...