CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_room.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.
A SQL Injection vulnerability has been detected in code-projects Real State Services 1.0. The issue occurs in the /pay.php file, where the Bankname argument is vulnerable to manipulation. The attack can be performed remotely, and the exploit has been publicly disclosed.
A SQL injection vulnerability has been found in code-projects Real State Services 1.0 in the /builderHome.php file via the loc parameter. The attack can be performed remotely and the exploit is publicly available.
A SQL injection vulnerability has been discovered in CodeAstro Ecommerce Website 1.0 in the file /ecommerce-website-php/customer/confirm.php. An attacker can remotely manipulate the invoice_no parameter, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.
A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/search-result.php. An attacker can remotely manipulate the searchdata argument, leading to SQL injection. The exploit is publicly available.
AIL Framework contains a path traversal vulnerability in its PDF object handling. The PDF.get_filepath() function constructs a file path by joining the configured PDF storage directory with a PDF object identifier without verifying the resolved path stays within the intended PDF_FOLDER directory. An authenticated attacker can use a crafted identifier to read files outside this directory.
A SQL injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the /admin/add_event.php file. An attacker can remotely manipulate the fdetails argument, leading to SQL injection. The exploit has been publicly disclosed.
A SQL injection vulnerability has been found in Hotel and Tourism Reservation 1.0 in the file /admin/tour_reserves.php. An attacker can remotely manipulate the tour argument, leading to SQL injection. The exploit has been published and may be used.
A SQL Injection vulnerability was found in Hotel and Tourism Reservation 1.0 in the /admin/rooms.php file. Manipulation of the delete argument in the room management function allows an attacker to inject malicious SQL code. The attack can be performed remotely and the exploit is publicly available.
An integer overflow vulnerability has been detected in radare2 up to version 6.1.6 in the functions r_str_ndup and r_str_append within libr/util/str.c. The attack requires local access and the exploit has been publicly disclosed.
A use-after-free vulnerability has been found in radare2 up to version 6.1.6 in the r_core_seek_arch_bits function within libr/core/disasm.c, in the regprofile handler component. Manipulation can lead to use after free.
A security flaw in radare2 up to version 6.1.6 affects the function r_bin_java_inner_classes_attr_calc_size in shlr/java/class.c, part of the RBinJava Line Number Table Parser. Manipulation leads to a heap-based buffer overflow. The attack requires local access and the exploit has been made public.
A vulnerability in Pardus-Parental-Control (versions up to 0.5.1 before 0.7.0) is caused by incorrect permission assignment for critical resources and improper access control. This allows an attacker to perform DNS Spoofing, i.e., impersonate a DNS server and redirect network traffic.
Missing authorization in Pardus Update allows privilege escalation. The vulnerability affects versions 0.6.3 and earlier, before version 0.6.6.
A vulnerability was found in radare2 up to version 6.1.6 in the cmd_anal_opcode function of libr/core/cmd_anal.inc.c within the hexpairs Parser component. Data manipulation leads to an integer overflow. The attack requires local access and an exploit is publicly available.
A vulnerability was found in radareorg radare2 up to version 6.1.6 in the core_anal_bytes function of libr/core/cmd_anal.inc. Manipulation leads to integer overflow. The attack requires local access and the exploit has been publicly disclosed.
A SQL injection vulnerability was found in Hotel and Tourism Reservation 1.0 in the file /admin/add_tour.php. Manipulation of the delete_image argument allows SQL injection. The attack can be launched remotely and the exploit is publicly available.
A SQL Injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the file /admin/reservations.php. An unknown functionality of the Reservations Management Page allows manipulation of the delete argument, leading to SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.
A vulnerability in Pardus Pen (TUBITAK BILGEM) due to improper null termination leads to buffer overflow. It affects versions <=4.1.5 before 4.2.1.
A vulnerability in Pardus Domain Joiner allows sensitive information to be exposed during process invocation, enabling its extraction. The issue affects versions from 0.5.2 before 0.5.4.

