Aggregator

Submit #798463 / VDB-359655

Name: Alfa CTF 2026 (an Alfa CTF event.)
Date: April 25, 2026, 6 a.m. — 25 April 2026, 18:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://alfactf.ru/
Rating weight: 21.67
Event organizers: SPbCTF

Name: CTF@AC26 - Quals (an CTF@AC event.)
Date: April 25, 2026, 7 a.m. — 26 April 2026, 07:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.ac.upt.ro/
Rating weight: 24.53
Event organizers: UPT-CTF

Submit #798462 / VDB-359629

Эре секретных программ пришел конец?

Submit #798461 / VDB-359654

Submit #798460 / VDB-359653

A vulnerability has been found in itsourcecode Construction Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. This vulnerability is cataloged as CVE-2026-7075. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. This vulnerability is listed as CVE-2026-7074. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. This vulnerability is tracked as CVE-2026-7073. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. This vulnerability is identified as CVE-2026-7072. The attack can be executed remotely. Additionally, an exploit exists.

Submit #799547 / VDB-359652

Submit #799546 / VDB-359651

政治叙事中的逻辑跳跃

Submit #799545 / VDB-359650

Submit #799544 / VDB-359649

Submit #799543 / VDB-359648

Submit #799482 / VDB-359647

A vulnerability classified as problematic has been found in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. This vulnerability is referenced as CVE-2026-7071. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The identification of this vulnerability is CVE-2026-7070. The attack may be launched remotely. Furthermore, there is an exploit available.