35 matches found
CVE-2026-15137
CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...
Linux Distros Unpatched Vulnerability : CVE-2026-39955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre- authentication SQL Injection via unanchored...
DEBIAN-CVE-2026-39955
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...
DEBIAN-CVE-2026-39948
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...
UBUNTU-CVE-2026-39955
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...
CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...
CVE-2026-38935
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
EUVD-2026-25890
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
PT-2026-35457
A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-38935
Diskover Community is affected by a reflected XSS in public/view.php via the doctype parameter, impacting versions
CVE-2026-36920
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php...
CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...
CVE-2025-11332 CmsEasy URL view.php cross site scripting
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...
CVE-2025-11332 CmsEasy URL view.php cross site scripting
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...
CVE-2025-10780
CodeAstro Simple Pharmacy Management 1.0 is affected by a SQL injection in the /view.php handler caused by manipulation of the bar_code parameter. The vulnerability enables remote exploitation and has public exploits/disclosures. Affected component: /view.php, bar_code input; root cause: improper...
CVE-2025-10780 CodeAstro Simple Pharmacy Management view.php sql injection
A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-9929
A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...
UBUNTU-CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
image_gallery 跨站脚本漏洞
imagegallery is an image gallery management system by the individual developer Md. Yamin Hossain of Bangladesh. A cross-site scripting vulnerability exists in imagegallery version 1.0, which stems from a cross-site scripting attack due to improper handling of the username parameter in the...
CVE-2025-0175
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been...