Submit #768058: projectworlds Online Art Gallery Shop Project V1.0 SQL Injection [Accepted]
Submit #768058 / VDB-349736
Aggregator
Submit #768057: projectworlds Online Art Gallery Shop Project V1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768057 / VDB-349735
kunlun
CVE-2026-3752 | SourceCodester Employee Task Management System up to 1.0 GET Parameter /daily-task-report.php Date sql injection (EUVD-2026-10255)
3 weeks 4 days ago
A vulnerability identified as critical has been detected in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection.
The identification of this vulnerability is CVE-2026-3752. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-3751 | SourceCodester Employee Task Management System 1.0 GET Parameter daily-attendance-report.php Date sql injection (EUVD-2026-10254)
3 weeks 4 days ago
A vulnerability categorized as critical has been discovered in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection.
This vulnerability was named CVE-2026-3751. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2026-3750 | ContiNew Admin up to 4.2.0 Storage Management S3ClientFactory.java URI.create server-side request forgery (EUVD-2026-10253)
3 weeks 4 days ago
A vulnerability was found in ContiNew Admin up to 4.2.0. It has been rated as critical. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2026-3750. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #768042: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768042 / VDB-349734
Submit #768039: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768039 / VDB-349733
Submit #768038: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768038 / VDB-349732
Submit #768037: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768037 / VDB-349731
CVE-2026-3749 | Bytedesk up to 1.3.9 SVG File UploadRestService.java handleFileUpload unrestricted upload (Issue 19 / EUVD-2026-10252)
3 weeks 4 days ago
A vulnerability was found in Bytedesk up to 1.3.9. It has been declared as critical. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload.
This vulnerability is handled as CVE-2026-3749. The attack can be executed remotely. Additionally, an exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-3748 | Bytedesk up to 1.3.9 SVG File UploadRestController.java uploadFile unrestricted upload (Issue 18 / EUVD-2026-10251)
3 weeks 4 days ago
A vulnerability was found in Bytedesk up to 1.3.9. It has been classified as critical. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload.
This vulnerability is known as CVE-2026-3748. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Upgrading the affected component is recommended.
vuldb.com
Submit #768035: SourceCodester Employee Task Management System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768035 / VDB-349730
Submit #768034: SourceCodester Employee Task Management System 1.0 SQL Injection [Accepted]
3 weeks 4 days ago
Submit #768034 / VDB-349729
Submit #768033: continew-org ContiNew Admin ≤ 4.2.0 Server-Side Request Forgery [Accepted]
3 weeks 4 days ago
Submit #768033 / VDB-349728
din4
Submit #768030: Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) [Accepted]
3 weeks 4 days ago
Submit #768030 / VDB-349727
ZAST.AI
Submit #768028: Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) [Accepted]
3 weeks 4 days ago
Submit #768028 / VDB-349726
ZAST.AI
CVE-2026-3747 | itsourcecode University Management System 1.0 /add_result.php subject sql injection (EUVD-2026-10250)
3 weeks 4 days ago
A vulnerability was found in itsourcecode University Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection.
This vulnerability is traded as CVE-2026-3747. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-3746 | SourceCodester Simple Responsive Tourism Website 1.0 Login Login.php?f=login Username sql injection (EUVD-2026-10249)
3 weeks 4 days ago
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection.
This vulnerability appears as CVE-2026-3746. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2026-3745 | code-projects Student Web Portal 1.0 profile.php User sql injection (EUVD-2026-10248)
3 weeks 4 days ago
A vulnerability, which was classified as critical, was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection.
This vulnerability is reported as CVE-2026-3745. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-3744 | code-projects Student Web Portal 1.0 signup.php valreg_passwdation reg_passwd sql injection (EUVD-2026-10247)
3 weeks 4 days ago
A vulnerability, which was classified as critical, has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql injection.
This vulnerability is documented as CVE-2026-3744. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com