Export limit exceeded: 334621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (483 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2983 | 2 Munyweki, Sourcecodester | 2 Student Result Management System, Student Result Management System | 2026-02-24 | 7.3 High |
| A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-2984 | 2 Munyweki, Sourcecodester | 2 Student Result Management System, Student Result Management System | 2026-02-24 | 6.5 Medium |
| A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3070 | 1 Sourcecodester | 1 Modern Image Gallery App | 2026-02-24 | 4.3 Medium |
| A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-2848 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-24 | 7.3 High |
| A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2938 | 2 Munyweki, Sourcecodester | 2 Student Result Management System, Student Result Management System | 2026-02-23 | 7.3 High |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-70141 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2026-02-23 | 9.4 Critical |
| SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification. | ||||
| CVE-2026-2177 | 2 Fast5, Sourcecodester | 2 Prison Management System, Prison Management System | 2026-02-23 | 7.3 High |
| A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2160 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-23 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2159 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-02-23 | 4.3 Medium |
| A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2154 | 3 Pamzey, Patrick Mvuma, Sourcecodester | 3 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2026-02-23 | 4.3 Medium |
| A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-2150 | 3 Pamzey, Patrick Mvuma, Sourcecodester | 3 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2026-02-23 | 4.3 Medium |
| A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2149 | 3 Pamzey, Patrick Mvuma, Sourcecodester | 3 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2026-02-23 | 4.3 Medium |
| A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-2090 | 2 Janobe, Sourcecodester | 2 Online Class Record System, Online Class Record System | 2026-02-23 | 7.3 High |
| A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-2089 | 2 Janobe, Sourcecodester | 2 Online Class Record System, Online Class Record System | 2026-02-23 | 7.3 High |
| A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-2087 | 2 Janobe, Sourcecodester | 2 Online Class Record System, Online Class Record System | 2026-02-23 | 7.3 High |
| A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2059 | 2 Bontrofftech, Sourcecodester | 2 Medical Center Portal Management System, Medical Center Portal Management System | 2026-02-23 | 7.3 High |
| A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2057 | 2 Bontrofftech, Sourcecodester | 2 Medical Center Portal Management System, Medical Center Portal Management System | 2026-02-23 | 7.3 High |
| A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-2009 | 2 Mayurik, Sourcecodester | 2 Gas Agency Management System, Gas Agency Management System | 2026-02-23 | 6.3 Medium |
| A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-1745 | 2 Oretnom23, Sourcecodester | 2 Medical Certificate Generator App, Medical Certificate Generator App | 2026-02-23 | 4.3 Medium |
| A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-1702 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2026-02-23 | 6.3 Medium |
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. | ||||