CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_exam.php file via the ID argument. The attack can be performed remotely and the exploit has been publicly disclosed.
A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patientreport.php file. Manipulating the editid argument allows remote exploitation. The exploit has been publicly released, increasing the risk of attacks.
A SQL injection vulnerability has been discovered in itsourcecode Hospital Management System 1.0 in the /patientprofile.php file. An attacker can remotely manipulate the patientname argument, leading to SQL injection. The exploit has been publicly released and may be used in attacks.
A vulnerability was found in SourceCodester Online Boat Reservation System 1.0 involving an unknown functionality that leads to session expiration. The attack can be launched remotely and the exploit is publicly available.
In AD-Security AD_Miner 1.9.0, the Cache Handler component's request_a function in ad_miner/scripts/analyse_cache.py mishandles the sys.argv[1] argument, causing deserialization. The attack requires local access.
A vulnerability was found in TidGi-Desktop up to version 0.13.0 in the Git Repository Import component. An unknown function in loadWikiTiddlersWithSubWikis.ts allows remote code injection. The exploit has been made public.
A vulnerability was found in UTT HiPER 1250GW up to version 3.2.7-210907-180535 in the file /goform/ConfigWirelessBase_5g. Manipulation of the ssid argument leads to a stack-based buffer overflow, exploitable remotely. The exploit has been publicly disclosed.
A vulnerability was found in SourceCodester Online Examination & Learning Management System 1.0 in the register.php file. Manipulating the 'role' argument during user registration allows improper privilege management. The attack can be executed remotely and an exploit has been published.
A flaw in the org.keycloak.broker.oidc package causes incorrect synchronization of the email_verified claim. When an OIDC provider has trustEmail=true and userinfo endpoint enabled, Keycloak retrieves the email from userinfo but the email_verified status only from the id_token. Lack of validation allows applying the verified status to any email address from userinfo.
A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the /patientlogin.php file. An attacker can remotely manipulate the loginid argument, leading to unauthorized database access. The exploit is publicly available.
A security vulnerability was found in GoClaw up to version 3.13.0-beta.2. The issue affects the MethodRouter.Handle function in internal/gateway/router.go of the WebSocket RPC Handler component, leading to incorrect authorization. The attack can be launched remotely and the exploit has been publicly disclosed.
A missing authentication vulnerability exists in the verify_server function of the wx Endpoint component in zhayujie chatgpt-on-wechat CowAgent 2.1.0. The attack can be performed remotely and the exploit is publicly available.
A SQL injection vulnerability has been discovered in SourceCodester Pizzafy E-Commerce System 1.0 in the file /admin/ajax.php?action=confirm_order. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly released.
A SQL injection vulnerability was found in the Online Examination 1.0 system in the quiz creation feature. An attacker can remotely manipulate the name/total/right/wrong/time/tag/desc arguments in /update.php?q=addquiz, leading to SQL injection. The exploit is publicly available.
A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.
A vulnerability was found in bluebox up to version 4.5.12, allowing Cross-Site Scripting (XSS) via manipulation of the 'code' argument. The attack can be performed remotely and the exploit has been made public.
A SQL Injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.
A vulnerability has been found in zcaceres markdownify-mcp up to version 1.1.0, involving insufficiently random values in the saveToTempFile function of src/Markdownify.ts. The attack requires local access and is difficult to exploit, but an exploit has been published.
A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.
A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. An attacker can remotely manipulate the email/password arguments to inject malicious SQL code. Exploit details have been publicly disclosed.

