Search Results (37414 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-3261 1 Itsourcecode 1 School Management System 2026-04-17 7.3 High
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2026-27153 1 Discourse 1 Discourse 2026-04-17 2.7 Low
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. The method allowed moderators to export any entity not explicitly blocked instead of restricting to an explicit allowlist. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
CVE-2019-25710 1 Dolibarr 2 Dolibarr Erp/crm, Dolibarr Erp\/crm 2026-04-17 8.2 High
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.
CVE-2026-27457 1 Weblate 1 Weblate 2026-04-17 4.3 Medium
Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`, line 2831) uses `queryset = Addon.objects.all()` without overriding `get_queryset()` to scope results by user permissions. This allows any authenticated user (or anonymous users if `REQUIRE_LOGIN` is not set) to list and retrieve ALL addons across all projects and components via `GET /api/addons/` and `GET /api/addons/{id}/`. Version 5.16.1 fixes the issue.
CVE-2026-28217 1 Hoppscotch 1 Hoppscotch 2026-04-17 6.5 Medium
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containing HTTP requests with headers and potentially secrets — to any authenticated user, without verifying that the requesting user owns the collection. This is an Insecure Direct Object Reference (IDOR) caused by a missing authorization check that exists on every other operation in the same resolver. Version 2026.2.0 fixes the issue.
CVE-2026-28276 1 Morelitea 1 Initiative 2026-04-17 7.5 High
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be accessed directly via its URL by unauthenticated users (e.g., in an incognito browser session), leading to potential disclosure of sensitive documents. The problem was patched in v0.32.2, and the patch was further improved on in 032.4.
CVE-2026-3292 1 Jizhicms 1 Jizhicms 2026-04-17 6.3 Medium
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-27653 2 Soliton, Soliton Systems K.k. 6 Securebrowser For Onegate, Securebrowser Ii, Secureworkspace and 3 more 2026-04-17 6.7 Medium
The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
CVE-2019-25711 2 Nsasoft, Nsauditor 2 Spotftp, Spotftp Password Recover 2026-04-17 6.2 Medium
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
CVE-2019-25713 2 Myt, Myt Project 2 Project Management, Myt 2026-04-17 7.1 High
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data.
CVE-2026-27836 2 Phpmyfaq, Thorsten 2 Phpmyfaq, Phpmyfaq 2026-04-17 7.5 High
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.
CVE-2026-28516 1 Opendcim 1 Opendcim 2026-04-17 8.8 High
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database.
CVE-2026-28554 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-04-17 4.3 Medium
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to approve or unapprove any forum post via the wpforo_approve_ajax AJAX handler. Attackers exploit the nonce-only check by submitting a valid nonce with an arbitrary post ID to bypass moderation controls entirely.
CVE-2026-28562 2 Gvectors, Wordpress 2 Wpforo Forum, Wordpress 2026-04-17 8.2 High
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database.
CVE-2026-26709 2 Carmelo, Code-projects 2 Simple Gym Management System, Simple Gym Management System 2026-04-17 9.8 Critical
code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.
CVE-2026-26695 2 Carmelo, Code-projects 2 Simple Student Alumni System, Simple Student Alumni System 2026-04-17 9.8 Critical
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
CVE-2026-26703 2 Jon-remus-sevellejo, Sourcecodester 2 Personnel Property Equipment System, Personnel Property Equipment System 2026-04-17 9.8 Critical
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
CVE-2026-26700 2 Jon-remus-sevellejo, Sourcecodester 2 Personnel Property Equipment System, Personnel Property Equipment System 2026-04-17 9.8 Critical
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
CVE-2026-26702 2 Jon-remus-sevellejo, Sourcecodester 2 Personnel Property Equipment System, Personnel Property Equipment System 2026-04-17 9.8 Critical
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
CVE-2026-26704 2 Oretnom23, Sourcecodester 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System 2026-04-17 9.8 Critical
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php.