5.1
CVE-2026-3742 - YiFang CMS D_singlePage.php update cross site scripting
A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may…
5.1
CVE-2026-3741 - YiFang CMS D_friendLink.php update cross site scripting
A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed pu…
6.9
CVE-2026-3740 - itsourcecode University Management System admin_search_student.php sql injection
A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has bee…
5.3
CVE-2026-3739 - suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The e…
5.3
CVE-2026-3738 - SourceCodester Pet Grooming Management Software Financial Report improper authorization
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available a…
5.3
CVE-2026-3737 - SourceCodester Pet Grooming Management Software User Creation add_user.php improper authorization
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been…
6.9
CVE-2026-3736 - code-projects Simple Flight Ticket Booking System SearchResultRoundtrip.php sql injection
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploit …
6.9
CVE-2026-3735 - code-projects Simple Flight Ticket Booking System SearchResultOneway.php sql injection
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has…
6.9
CVE-2026-3734 - SourceCodester Client Database Management System Endpoint fetch_manager_details.php improper author…
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The expl…
5.3
CVE-2026-3733 - xuxueli xxl-job JobInfoController.java server-side request forgery
A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The exploit…