5.1
CVE-2026-3752 - SourceCodester Employee Task Management System GET Parameter daily-task-report.php sql injection
A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the attac…
5.1
CVE-2026-3751 - SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql inject…
A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remot…
5.1
CVE-2026-3750 - ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side req…
5.3
CVE-2026-3749 - Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The att…
5.3
CVE-2026-3748 - Bytedesk SVG File UploadRestController.java uploadFile unrestricted upload
A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitation…
6.9
CVE-2026-3747 - itsourcecode University Management System add_result.php sql injection
A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly available…
6.9
CVE-2026-3746 - SourceCodester Simple Responsive Tourism Website Login Login.php sql injection
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may b…
5.3
CVE-2026-3745 - code-projects Student Web Portal profile.php sql injection
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
6.9
CVE-2026-3744 - code-projects Student Web Portal signup.php valreg_passwdation sql injection
A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may…
5.1
CVE-2026-3743 - YiFang CMS D_singlePageGroup.php update cross site scripting
A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. T…