CVE Vulnerabilities

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed admi...

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Wor...

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argume...

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom ro...

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applicati...

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php

Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via...

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php.

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defi...

Tanium addressed an information disclosure vulnerability in Threat Response.

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Se...

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploita...

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaint...

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submission...

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but neve...

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow...

Tanium addressed an uncontrolled resource consumption vulnerability in Interact.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authen...

Tanium addressed an information disclosure vulnerability in Tanium Server.

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderato...

HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the ap...

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, an...

UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability.

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to info...

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows ...

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. P...

A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographi...

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote...