CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.
A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. An attacker can remotely manipulate the email/password arguments to inject malicious SQL code. Exploit details have been publicly disclosed.
A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. An unknown function in upload_files.php allows unrestricted file upload, which can be exploited remotely. The exploit has been publicly released and may be used for attacks.
A SQL injection vulnerability was found in the save_client function of classes/Users.php in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the Name argument, leading to SQL injection. The exploit has been made public.
A SQL injection vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0 in the cancel_order function of classes/Master.php. Manipulation of the ID argument in POST requests allows SQL injection. The attack can be performed remotely and the exploit has been publicly disclosed.
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and an exploit has been published.
A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible and the exploit is publicly available.
A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to SQL injection. The exploit has been publicly released.
A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. An attacker can remotely manipulate the email argument, leading to SQL injection. The exploit is publicly available.
A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation can lead to partial string comparison, enabling remote attacks. The exploit has been publicly disclosed and may be used.
A vulnerability has been found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromByteBuffer function of the AbstractHistogram class. The numberOfSignificantValueDigits argument can be manipulated, leading to memory exhaustion. The attack requires local access and an exploit has been published.
A vulnerability was found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromCompressedByteBuffer function. Manipulating the lengthOfCompressedContents argument can cause excessive memory consumption. The attack requires local access and the exploit is publicly available.
A SQL injection vulnerability was found in Online Job Portal 1.0 in the login.php file. Manipulating the txtUser or txtPass arguments allows remote attackers to execute unauthorized database queries. The exploit has been made public, increasing the risk of exploitation.
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0. The issue exists in the /patientappointment.php file, where the patiente argument is vulnerable to manipulation. The attack can be launched remotely, and the exploit has been publicly disclosed.
A cross-site scripting vulnerability was found in Assessment Management 1.0 in /admin/remove-user.php. Manipulation of the ID argument allows remote script execution. The exploit is publicly available.
A cross-site scripting vulnerability has been found in Assessment Management 1.0 in the admin/view-users.php file. Manipulation of the User argument can lead to script execution in the browser. The attack is remotely exploitable and the exploit is publicly available.
A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/girlsproductdeletequery.php. An attacker can remotely manipulate the user_id argument, leading to SQL injection. The exploit is publicly available.
A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/mensproductdeletequery.php. An attacker can remotely manipulate the user_id argument, leading to SQL injection. The exploit has been publicly disclosed.
A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/login.php. An attacker can remotely manipulate the Username argument, leading to SQL injection. The exploit has been made public and could be used.
A flaw in grass up to version 0.13.4 allows a local denial of service via the grass_compiler::raw_to_parse_error function in the UTF-8 Character Handler component. The project maintainer considers DoS vulnerabilities acceptable in Sass compilers.

