5.3
CVE-2026-5649 - code-projects Online Application System for Admission Endpoint admsnform.php sql injection
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has beeโฆ
6.9
CVE-2026-5648 - code-projects Simple Laundry System Parameter userfinishregister.php sql injection
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The explโฆ
4.8
CVE-2026-5647 - code-projects Online Shoe Store Add Product admin_feature.php cross site scripting
A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit iโฆ
6.9
CVE-2026-5646 - code-projects Easy Blog Site login.php sql injection
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosedโฆ
6.9
CVE-2026-5645 - projectworlds Car Rental System Parameter pay.php sql injection
A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely. Tโฆ
4.8
CVE-2026-5644 - Cyber-III Student-Management-System batch-notice.php cross site scripting
A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scriptingโฆ
4.8
CVE-2026-5643 - Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting
A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to crosโฆ
6.9
CVE-2026-5642 - Cyber-III Student-Management-System HTTP POST Request update.php improper authorization
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It isโฆ
5.6
CVE-2026-5673 - Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a tโฆ
5.3
CVE-2026-5641 - PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from remotโฆ