65 matches found
CVE-2026-4544
CVE-2026-4544 affects Wavlink WL-WN578W2 221110. The vulnerability is in the POST Request Handler’s /cgi-bin/login.cgi, where manipulating the argument homepage/hostname/login_page can trigger cross-site scripting. Exploitation is possible remotely, and public exploit activity is indicated. No ve...
CVE-2026-2221 code-projects Online Reviewer System Login index.php sql injection
A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...
CVE-2021-2322
Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...
CVE-2025-15211
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...
CVE-2025-15188
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...
Online Banking website using PHP SQL injection vulnerability
Online Banking website using PHP is an online banking website by Rashmin Personal Developer. A SQL injection vulnerability exists in Online Banking website using PHP, which stems from incorrect manipulation of the parameter Username in the file /site/dist/authlogin.php, which can lead to SQL...
School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
CVE-2025-13323
A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public...
EUVD-2025-37471
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...
CVE-2025-12612
CVE-2025-12612 affects Campcodes School Fees Payment Management System 1.0. The vulnerability stems from improper handling of the parameter in the /ajax.php?action=delete_course path, where manipulation of the ID enables a SQL injection. The issue is exploitable remotely and, per connected source...
Casdoor 2.95.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to th...
EUVD-2018-20683
Malware in sbrugna...
EUVD-2025-25697
Malicious code in bioql PyPI...
CVE-2025-10445
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/ustransac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...
PT-2025-36496
Name of the Vulnerable Software and Affected Versions: code-projects Online Event Judging System version 1.0 Description: A security flaw exists in code-projects Online Event Judging System 1.0. The issue affects an unknown function within the /index.php file. Manipulation of the Username paramet...
PT-2025-35847
Name of the Vulnerable Software and Affected Versions: Jinher OA version 1.0 Description: A cross site scripting issue exists due to the manipulation of the Account argument. The issue affects an unknown function within the file /jc6/platform/sys/login!changePassWord.action of the POST Request...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...
WeGIA SQL injection vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarDoc.php endpoint idatendidofamiliares parameter. An attacker could exploit...
Code-Projects Inventory Management System security vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the editCategoriesName parameter of the /phpaction/editCategories.php file. An...