13 matches found
CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters
The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...
PT-2026-1971
Name of the Vulnerable Software and Affected Versions: code-projects Intern Membership Management System version 1.0 Description: A flaw exists in code-projects Intern Membership Management System version 1.0. The issue involves a SQL injection vulnerability within an unknown function of the...
Tipray Data Leakage Prevention System Security Vulnerability
Tipray Data Leakage Prevention System is a data leakage prevention system of China Tipray Company. A security vulnerability exists in Tipray Data Leakage Prevention System version 1.0, which originates from the incorrect operation of the parameter sort in the file findDeptPage.do, which may lead ...
EUVD-2022-52304
Malicious code in bioql PyPI...
Student Attendance Management System Security Vulnerability
Student Attendance Management System is a student attendance management system developed by rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the classId and classArmName parameters in th...
Kelixun Communication Command and Dispatch Management Platform Command Injection Vulnerability
Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A command injection vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 1.0, which originates from os...
ForIP Tecnologia Administração PABX Security Vulnerability
ForIP Tecnologia Administração PABX is a telephony system from ForIP Tecnologia. A security vulnerability exists in ForIP Tecnologia Administração PABX version 1.x, which stems from the parameter id of the file /detalheIdUra that can lead to SQL injection...
PHPGurukul Hospital Management System SQL Injection Vulnerability
PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. A SQL injection vulnerability exists in PHPGurukul Hospital Management System version 1.0, which originates from a SQL injection vulnerability in the mobnum parameter of the admin/contact.php page...
Client Details System Cross-Site Scripting Vulnerability
Client Details System is a management platform. A cross-site scripting vulnerability exists in code-projects Client Details System version 1.0, which stems from the parameter fname/lname/email/contact in the file /admin/regester.php that causes cross-site scripting...
Take-Note App Cross-Site Request Forgery Vulnerability
Take-Note App is a note-taking application by the individual developer Remy Andrade. A cross-site request forgery vulnerability exists in Take-Note App version 1.0. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...
Auto Dealer Management System SQL Injection Vulnerability
Auto Dealer Management System is an automobile dealer management system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Auto Dealer Management System version 1.0, which is caused by an incorrect manipulation of the parameter id that results in an SQL injection...
PT-2022-22834 · Sourcecodester · Sourcecodester Simple Cold Storage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Cold Storage Management System version 1.0 Description: A vulnerability was found in the Create User Handler component of the SourceCodester Simple Cold Storage Management System. The issue affects some unknown...
Bank Management System Cross-Site Scripting Vulnerability
Bank Management System is a bank management system. A cross-site scripting vulnerability exists in Bank Management System version 1.0, which stems from a failure to properly filter content at the /mnotice.php?id=2 parameter. A remote attacker could use this vulnerability to execute cross-site...