Submit #768042: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
Submit #768042 / VDB-349734
Aggregator
Submit #768039: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
1 month ago
Submit #768039 / VDB-349733
Submit #768038: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
1 month ago
Submit #768038 / VDB-349732
Submit #768037: SourceCodester Inventory System 1.0 SQL Injection [Accepted]
1 month ago
Submit #768037 / VDB-349731
CVE-2026-3749 | Bytedesk up to 1.3.9 SVG File UploadRestService.java handleFileUpload unrestricted upload (Issue 19 / EUVD-2026-10252)
1 month ago
A vulnerability was found in Bytedesk up to 1.3.9. It has been declared as critical. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload.
This vulnerability is handled as CVE-2026-3749. The attack can be executed remotely. Additionally, an exploit exists.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-3748 | Bytedesk up to 1.3.9 SVG File UploadRestController.java uploadFile unrestricted upload (Issue 18 / EUVD-2026-10251)
1 month ago
A vulnerability was found in Bytedesk up to 1.3.9. It has been classified as critical. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload.
This vulnerability is known as CVE-2026-3748. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Upgrading the affected component is recommended.
vuldb.com
Submit #768035: SourceCodester Employee Task Management System 1.0 SQL Injection [Accepted]
1 month ago
Submit #768035 / VDB-349730
Submit #768034: SourceCodester Employee Task Management System 1.0 SQL Injection [Accepted]
1 month ago
Submit #768034 / VDB-349729
Submit #768033: continew-org ContiNew Admin ≤ 4.2.0 Server-Side Request Forgery [Accepted]
1 month ago
Submit #768033 / VDB-349728
din4
Submit #768030: Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) [Accepted]
1 month ago
Submit #768030 / VDB-349727
ZAST.AI
Submit #768028: Bytedesk <=1.3.9 Unrestricted Upload of File with Dangerous Type (CWE-434) [Accepted]
1 month ago
Submit #768028 / VDB-349726
ZAST.AI
CVE-2026-3747 | itsourcecode University Management System 1.0 /add_result.php subject sql injection (EUVD-2026-10250)
1 month ago
A vulnerability was found in itsourcecode University Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection.
This vulnerability is traded as CVE-2026-3747. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2026-3746 | SourceCodester Simple Responsive Tourism Website 1.0 Login Login.php?f=login Username sql injection (EUVD-2026-10249)
1 month ago
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection.
This vulnerability appears as CVE-2026-3746. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2026-3745 | code-projects Student Web Portal 1.0 profile.php User sql injection (EUVD-2026-10248)
1 month ago
A vulnerability, which was classified as critical, was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection.
This vulnerability is reported as CVE-2026-3745. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-3744 | code-projects Student Web Portal 1.0 signup.php valreg_passwdation reg_passwd sql injection (EUVD-2026-10247)
1 month ago
A vulnerability, which was classified as critical, has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql injection.
This vulnerability is documented as CVE-2026-3744. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-3743 | YiFang CMS 2.0.5 D_singlePageGroup.php update Name cross site scripting (EUVD-2026-10246)
1 month ago
A vulnerability classified as problematic was found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting.
This vulnerability is registered as CVE-2026-3743. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-3742 | YiFang CMS 2.0.5 D_singlePage.php update Title cross site scripting (EUVD-2026-10245)
1 month ago
A vulnerability classified as problematic has been found in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross site scripting.
This vulnerability is cataloged as CVE-2026-3742. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-3741 | YiFang CMS 2.0.5 D_friendLink.php update linkName cross site scripting (EUVD-2026-10244)
1 month ago
A vulnerability described as problematic has been identified in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting.
This vulnerability is listed as CVE-2026-3741. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #767947: itsourcecode V1.0 SQL injection [Accepted]
1 month ago
Submit #767947 / VDB-349725
Guo HaiTao
Submit #767882: sourcecodester.com Simple Responsive Tourism Website V1.0 SQL Injection [Accepted]
1 month ago
Submit #767882 / VDB-349724
Choco094late