Skip to main content
CVE-2025-15598 LOW POC Monitor

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns use...

Information Disclosure Sqlbot
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-26889 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26888 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26887 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26890 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26886 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26885 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26884 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26883 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26891 LOW POC Monitor

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-3487 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3486 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3463 LOW POC Monitor

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. [CVSS 3.3 LOW]

Buffer Overflow Xlnt
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-25674 LOW PATCH Monitor

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]

Golang Django Race Condition
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-20757 LOW Monitor

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]

Race Condition
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2023-31044 LOW Monitor

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. [CVSS 2.0 LOW]

RCE Code Injection Impact Mobile
NVD
CVSS 3.1
2.0
EPSS
0.0%
CVE-2026-3455 LOW PATCH Monitor

Versions of the package mailparser versions up to 3.9.3 is affected by cross-site scripting (xss) (CVSS 6.1).

XSS Mailparser
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3449 LOW PATCH Monitor

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded app...

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-3465 LOW Monitor

A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. [CVSS 3.1 LOW]

Denial Of Service Google
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy