CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A SQL injection vulnerability was found in code-projects Online Examination 1.0 in the quiz creation feature. An attacker can remotely manipulate the name, total, right, wrong, time, tag, desc arguments in /update.php?q=addquiz, leading to SQL injection. The exploit is publicly available.
A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via manipulation of the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.
A vulnerability was found in bluebox up to version 4.5.12, allowing Cross-Site Scripting (XSS) via manipulation of the 'code' argument. The attack can be performed remotely and the exploit has been made public.
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.
A flaw in zcaceres markdownify-mcp up to version 1.1.0 causes insufficiently random values in the saveToTempFile function of src/Markdownify.ts. The attack requires local access and is difficult to exploit, but an exploit has been published.
A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.
A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A vulnerability has been discovered in zcaceres markdownify-mcp up to version 1.1.0, involving symlink following in the assertPathAllowed function of src/Markdownify.ts. The attack can only be executed locally.
A security flaw in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 allows unrestricted file upload via upload_files.php. The vulnerability can be exploited remotely and a public exploit is available.
A SQL injection vulnerability was found in the save_client function of the classes/Users.php file in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the Name argument, leading to SQL injection. The exploit has been made public and could be used.
A SQL injection vulnerability was found in the cancel_order function of classes/Master.php in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the ID argument, leading to SQL injection.
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and the exploit is publicly available.
A SQL injection vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. The issue affects the save_shop_type function in classes/Master.php, which mishandles POST parameters. The attack can be performed remotely and the exploit is publicly available.
A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0, involving code injection in the update_settings_info function of classes/SystemSettings.php. The attack can be executed remotely, and the exploit has been publicly disclosed.
A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible without authentication, and a public exploit increases attack risk.
A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.
A vulnerability in the Crypt::DSA library for Perl before version 1.22 causes the DSA signing nonce and private key to be drawn from a biased random generator, enabling private key recovery. An attacker with the public key and a modest number of signatures can perform a lattice attack to recover the private key.
A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. The attack involves manipulating the email argument, allowing remote SQL injection. The exploit is publicly available.
A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation leads to partial string comparison, allowing remote exploitation. The exploit has been publicly disclosed and may be used.
A vulnerability was found in HdrHistogram up to version 2.2.2 in the `org.HdrHistogram.DoubleHistogram.recordValue` function. The issue involves an incorrect comparison in the Range Check component, leading to potential manipulation. The attack requires local access and the exploit has been made public.

