Aggregator

Submit #813449 / VDB-365436

Submit #813447 / VDB-365435

Submit #813768 / VDB-365434

Submit #813767 / VDB-365433

A vulnerability has been found in code-projects Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-9451. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, was found in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. This vulnerability is known as CVE-2026-9450. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2026-9449. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability appears as CVE-2026-9448. The attack may be performed from remote. In addition, an exploit is available.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

A vulnerability classified as critical has been found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. This vulnerability is reported as CVE-2026-9447. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as critical has been identified in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2026-9446. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. This vulnerability is registered as CVE-2026-9445. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2026-9444. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #813707 / VDB-365432

Submit #813706 / VDB-365431

Submit #813705 / VDB-365430

Submit #813704 / VDB-365429

Submit #813614 / VDB-365428

Submit #813613 / VDB-365427

Submit #813612 / VDB-365426