Submit #767854: code-projects STUDENT WEB PORTAL V1.0 SQL Injection [Accepted]
Submit #767854 / VDB-349723
Aggregator
Submit #767853: code-projects STUDENT WEB PORTAL V1.0 SQL injection [Duplicate]
1 month ago
Submit #767853 / VDB-344860
Choco094late
Submit #767852: code-projects STUDENT WEB PORTAL V1.0 SQL Injection [Accepted]
1 month ago
Submit #767852 / VDB-349722
Choco094late
CVE-2026-3740 | itsourcecode University Management System 1.0 admin_search_student.php admin_search_student sql injection (EUVD-2026-10243)
1 month ago
A vulnerability marked as critical has been reported in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection.
This vulnerability is tracked as CVE-2026-3740. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-3739 | suitenumerique messages 0.2.0 ThreadAccess serializers.py ThreadAccessSerializer improper authentication (GHSA-7476-6crq-4cw9 / EUVD-2026-10242)
1 month ago
A vulnerability labeled as critical has been found in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication.
This vulnerability is identified as CVE-2026-3739. The attack can be executed remotely. Additionally, an exploit exists.
The affected component should be upgraded.
vuldb.com
Submit #767848: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_singlePageGroup.php name [Accepted]
1 month ago
Submit #767848 / VDB-349721
ZZCTD
Submit #767847: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_singlePage.php title para [Accepted]
1 month ago
Submit #767847 / VDB-349720
ZZCTD
Submit #767273: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLink.php [Accepted]
1 month ago
Submit #767273 / VDB-349719
ZZCTD
Submit #767385: itsourcecode Free Hotel Reservation System V1.0 SQL Injection [Duplicate]
1 month ago
Submit #767385 / VDB-349708
sgwt
Submit #767341: itsourcecode V1.0 SQL injection [Accepted]
1 month ago
Submit #767341 / VDB-349718
Jon0
Submit #767329: La Suite Numerique messages 0.2.0 IDOR [Accepted]
1 month ago
Submit #767329 / VDB-349717
djnn
CVE-2026-28678 | toxicbishop DSA-with-tsx server/routes/auth.js missing encryption (GHSA-vmxr-562h-rcgg / EUVD-2026-10157)
1 month ago
A vulnerability was found in toxicbishop DSA-with-tsx. It has been declared as problematic. Impacted is an unknown function of the file server/routes/auth.js. Executing a manipulation can lead to missing encryption of sensitive data.
The identification of this vulnerability is CVE-2026-28678. The attack may be launched remotely. There is no exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2026-30863 | parse-community parse-server up to 8.6.9/9.5.0-alpha.10 Configuration Options improper authentication (EUVD-2026-10172)
1 month ago
A vulnerability has been found in parse-community parse-server up to 8.6.9/9.5.0-alpha.10 and classified as critical. This affects an unknown part of the component Configuration Options Handler. This manipulation causes improper authentication.
This vulnerability is handled as CVE-2026-30863. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2026-29194 | gravitl netmaker up to 1.4.x Endpoint authorization (GHSA-hmqr-wjmj-376c / EUVD-2026-10159)
1 month ago
A vulnerability was found in gravitl netmaker up to 1.4.x and classified as critical. This vulnerability affects unknown code of the component Endpoint. Such manipulation leads to incorrect authorization.
This vulnerability is uniquely identified as CVE-2026-29194. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-30848 | parse-community parse-server up to 8.6.7/9.5.0-alpha.7 path traversal (EUVD-2026-10169)
1 month ago
A vulnerability marked as critical has been reported in parse-community parse-server up to 8.6.7/9.5.0-alpha.7. Affected is an unknown function. Performing a manipulation results in path traversal.
This vulnerability is cataloged as CVE-2026-30848. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-30850 | parse-community parse-server up to 8.6.8/9.5.0-alpha.8 File Metadata Endpoint :filename authorization (EUVD-2026-10170)
1 month ago
A vulnerability described as problematic has been identified in parse-community parse-server up to 8.6.8/9.5.0-alpha.8. Affected by this vulnerability is an unknown functionality of the file /files/:appId/metadata/:filename of the component File Metadata Endpoint. Executing a manipulation can lead to missing authorization.
This vulnerability is registered as CVE-2026-30850. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-29195 | gravitl netmaker up to 1.4.x /api/users/ Username authorization (EUVD-2026-10160)
1 month ago
A vulnerability, which was classified as problematic, was found in gravitl netmaker up to 1.4.x. This issue affects some unknown processing of the file /api/users/. Such manipulation of the argument Username leads to incorrect authorization.
This vulnerability is traded as CVE-2026-29195. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-29196 | gravitl netmaker up to 1.4.x API Endpoint /api/extclients/ Network authorization (EUVD-2026-10161)
1 month ago
A vulnerability has been found in gravitl netmaker up to 1.4.x and classified as problematic. Impacted is an unknown function of the file /api/extclients/ of the component API Endpoint. Performing a manipulation of the argument Network results in incorrect authorization.
This vulnerability is known as CVE-2026-29196. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-30854 | parse-community parse-server up to 9.5.0-alpha.9 graphQLPublictrospection authorization (EUVD-2026-10171)
1 month ago
A vulnerability classified as problematic has been found in parse-community parse-server up to 9.5.0-alpha.9. Affected by this issue is some unknown functionality of the component graphQLPublictrospection. The manipulation leads to incorrect authorization.
This vulnerability is documented as CVE-2026-30854. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-2671 | Mendi Neurofeedback Headset V4 Bluetooth Low Energy cleartext transmission (EUVD-2026-10185)
1 month ago
A vulnerability identified as problematic has been detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information.
This vulnerability is identified as CVE-2026-2671. The attack can only be performed from the local network. There is not any exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com