Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14804 vulnerabilities
CVE-2026-12176 (GCVE-0-2026-12176)
Vulnerability from cvelistv5 – Published: 2026-06-13 23:15 – Updated: 2026-06-13 23:15 X_Freeware
VLAI
Title
SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting
Summary
A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370818 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370818/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12176 | third-party-advisory |
| https://vuldb.com/submit/837732 | third-party-advisory |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | CET Automated Grading System with AI Predictive Analytics |
Affected:
1.0
cpe:2.3:a:sourcecodester:cet_automated_grading_system_with_ai_predictive_analytics:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:cet_automated_grading_system_with_ai_predictive_analytics:*:*:*:*:*:*:*:*"
],
"product": "CET Automated Grading System with AI Predictive Analytics",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Abhay mp (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T23:15:10.784Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370818 | SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370818"
},
{
"name": "VDB-370818 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370818/cti"
},
{
"name": "CVE-2026-12176 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12176"
},
{
"name": "Submit #837732 | https://www.sourcecodester.com/ CET Automated Grading System with AI Predictive Analytics in PHP and MySQL Version: 1.0 Cross Site Scripting - Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837732"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-13T08:00:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12176",
"datePublished": "2026-06-13T23:15:10.784Z",
"dateReserved": "2026-06-13T05:55:32.673Z",
"dateUpdated": "2026-06-13T23:15:10.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12175 (GCVE-0-2026-12175)
Vulnerability from cvelistv5 – Published: 2026-06-13 22:45 – Updated: 2026-06-13 22:45
VLAI
Title
CodeAstro Student Attendance Management System createStudents.php sql injection
Summary
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370816 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370816/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12175 | third-party-advisory |
| https://vuldb.com/submit/837214 | third-party-advisory |
| https://github.com/fgvcbv/cve/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "claudefans (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T22:45:06.442Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370816 | CodeAstro Student Attendance Management System createStudents.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370816"
},
{
"name": "VDB-370816 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370816/cti"
},
{
"name": "CVE-2026-12175 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12175"
},
{
"name": "Submit #837214 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837214"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/fgvcbv/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-13T07:43:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createStudents.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12175",
"datePublished": "2026-06-13T22:45:06.442Z",
"dateReserved": "2026-06-13T05:38:23.514Z",
"dateUpdated": "2026-06-13T22:45:06.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12174 (GCVE-0-2026-12174)
Vulnerability from cvelistv5 – Published: 2026-06-13 20:15 – Updated: 2026-06-13 20:15
VLAI
Title
D-Link DCS-935L HTTP rhea snprintf format string
Summary
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370815 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370815/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12174 | third-party-advisory |
| https://vuldb.com/submit/837209 | third-party-advisory |
| https://github.com/Real-Simplicity/cve-database/t… | exploit |
| https://www.dlink.com/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dcs-935l:*:*:*:*:*:*:*:*"
],
"modules": [
"HTTP Handler"
],
"product": "DCS-935L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.10.01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simplicity (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "Format String",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T20:15:12.362Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370815 | D-Link DCS-935L HTTP rhea snprintf format string",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370815"
},
{
"name": "VDB-370815 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370815/cti"
},
{
"name": "CVE-2026-12174 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12174"
},
{
"name": "Submit #837209 | D-Link DCS-935L HD Wi-Fi Camera 1.10.01 CWE-134: Use of Externally-Controlled Format String",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837209"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Real-Simplicity/cve-database/tree/main/CVE_Report_DLink_DCS935L_Format_String"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-13T07:41:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DCS-935L HTTP rhea snprintf format string"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12174",
"datePublished": "2026-06-13T20:15:12.362Z",
"dateReserved": "2026-06-13T05:36:07.097Z",
"dateUpdated": "2026-06-13T20:15:12.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12131 (GCVE-0-2026-12131)
Vulnerability from cvelistv5 – Published: 2026-06-12 21:15 – Updated: 2026-06-12 21:15
VLAI
Title
CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection
Summary
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370616 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370616/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12131 | third-party-advisory |
| https://vuldb.com/submit/837207 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/SQL-… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Payroll Invoice Module"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \\application\\controllers\\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T21:15:08.544Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370616 | CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370616"
},
{
"name": "VDB-370616 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370616/cti"
},
{
"name": "CVE-2026-12131 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12131"
},
{
"name": "Submit #837207 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837207"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/SQL-Injection-via-Payroll-Invoice-Module"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12131",
"datePublished": "2026-06-12T21:15:08.544Z",
"dateReserved": "2026-06-12T15:21:07.851Z",
"dateUpdated": "2026-06-12T21:15:08.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12130 (GCVE-0-2026-12130)
Vulnerability from cvelistv5 – Published: 2026-06-12 20:45 – Updated: 2026-06-12 20:45
VLAI
Title
CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting
Summary
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370615 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370615/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12130 | third-party-advisory |
| https://vuldb.com/submit/837202 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/Stor… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Projects Management Page"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T20:45:08.820Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370615 | CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370615"
},
{
"name": "VDB-370615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370615/cti"
},
{
"name": "CVE-2026-12130 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12130"
},
{
"name": "Submit #837202 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837202"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-Project-Title"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12130",
"datePublished": "2026-06-12T20:45:08.820Z",
"dateReserved": "2026-06-12T15:21:05.200Z",
"dateUpdated": "2026-06-12T20:45:08.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12129 (GCVE-0-2026-12129)
Vulnerability from cvelistv5 – Published: 2026-06-12 20:30 – Updated: 2026-06-13 03:33
VLAI
Title
CodeAstro Human Resource Management System Dashboard add_tod cross site scripting
Summary
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370614 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370614/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12129 | third-party-advisory |
| https://vuldb.com/submit/837196 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/Stor… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-13T03:32:58.936557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T03:33:10.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Dashboard Interface"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T20:30:09.197Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370614 | CodeAstro Human Resource Management System Dashboard add_tod cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370614"
},
{
"name": "VDB-370614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370614/cti"
},
{
"name": "CVE-2026-12129 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12129"
},
{
"name": "Submit #837196 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837196"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-TO-DO-LIST"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Dashboard add_tod cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12129",
"datePublished": "2026-06-12T20:30:09.197Z",
"dateReserved": "2026-06-12T15:21:02.352Z",
"dateUpdated": "2026-06-13T03:33:10.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12066 (GCVE-0-2026-12066)
Vulnerability from cvelistv5 – Published: 2026-06-12 13:00 – Updated: 2026-06-12 13:34
VLAI
Title
PbootCMS Password MemberController.php retrieve password recovery
Summary
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370561 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370561/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12066 | third-party-advisory |
| https://vuldb.com/submit/828374 | third-party-advisory |
| https://github.com/pbootcmspro/PbootCMS/issues/38 | issue-tracking |
| https://github.com/yunyan05/MYCVE/tree/main/Pboot… | exploit |
Impacted products
1 product
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T13:34:10.930597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:34:40.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:pbootcms:pbootcms:*:*:*:*:*:*:*:*"
],
"modules": [
"Password Handler"
],
"product": "PbootCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.5"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.2.9"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.11"
},
{
"status": "affected",
"version": "3.2.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yunyan05 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T13:00:07.936Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370561 | PbootCMS Password MemberController.php retrieve password recovery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370561"
},
{
"name": "VDB-370561 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370561/cti"
},
{
"name": "CVE-2026-12066 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12066"
},
{
"name": "Submit #828374 | PbootCMS 3.2.12 Improper Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/828374"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pbootcmspro/PbootCMS/issues/38"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T09:46:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "PbootCMS Password MemberController.php retrieve password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12066",
"datePublished": "2026-06-12T13:00:07.936Z",
"dateReserved": "2026-06-12T07:40:54.050Z",
"dateUpdated": "2026-06-12T13:34:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12065 (GCVE-0-2026-12065)
Vulnerability from cvelistv5 – Published: 2026-06-12 12:30 – Updated: 2026-06-12 15:19
VLAI
Title
Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
Summary
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370560 | vdb-entry |
| https://vuldb.com/vuln/370560/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12065 | third-party-advisory |
| https://vuldb.com/submit/822984 | third-party-advisory |
| https://github.com/honestcorrupt/Groww-Android-Ap… | related |
| https://drive.google.com/drive/folders/1r9t4AuG74… | exploit |
| https://github.com/honestcorrupt/CVE-req-Groww-An… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Groww | Stock, Mutual Fund, Gold App |
Affected:
20260805
cpe:2.3:a:groww:stock_mutual_fund_gold_app:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T15:18:03.541331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:19:01.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/honestcorrupt/CVE-req-Groww-Android-Application-Unsafe-WebView-URL-Handling-Weak-Client-Side-App-Lock-Enforcement"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:groww:stock_mutual_fund_gold_app:*:*:*:*:*:*:*:*"
],
"modules": [
"WebView URL Handler"
],
"product": "Stock, Mutual Fund, Gold App",
"vendor": "Groww",
"versions": [
{
"status": "affected",
"version": "20260805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "honest_corrupt (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-939",
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T12:30:08.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370560 | Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/370560"
},
{
"name": "VDB-370560 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370560/cti"
},
{
"name": "CVE-2026-12065 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12065"
},
{
"name": "Submit #822984 | Groww Groww Android Application Latest Available Version Weak Client-Side Protection and Unsafe WebView URL Handling",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/822984"
},
{
"tags": [
"related"
],
"url": "https://github.com/honestcorrupt/Groww-Android-Application-Unsafe-WebView-URL-Handling-Weak-Client-Side-App-Lock-Enforcement.git"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1r9t4AuG747PmRbgLmY2CztsX5PTjQL19"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T09:38:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12065",
"datePublished": "2026-06-12T12:30:08.900Z",
"dateReserved": "2026-06-12T07:32:56.280Z",
"dateUpdated": "2026-06-12T15:19:01.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11956 (GCVE-0-2026-11956)
Vulnerability from cvelistv5 – Published: 2026-06-11 11:30 – Updated: 2026-06-11 12:52
VLAI
Title
TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute
Summary
A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370343 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370343/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11956 | third-party-advisory |
| https://vuldb.com/submit/836328 | third-party-advisory |
| https://github.com/TwiN/gatus/issues/1689 | issue-tracking |
| https://github.com/TwiN/gatus/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T12:52:01.481436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T12:52:09.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/836328"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/TwiN/gatus/issues/1689"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:twin:gatus:*:*:*:*:*:*:*:*"
],
"modules": [
"OIDC Session Cookie Handler"
],
"product": "gatus",
"vendor": "TwiN",
"versions": [
{
"status": "affected",
"version": "5.36.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "Sensitive Cookie Without Secure Attribute",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "Cookie Without \u0027HttpOnly\u0027 Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T11:30:12.019Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370343 | TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370343"
},
{
"name": "VDB-370343 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370343/cti"
},
{
"name": "CVE-2026-11956 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11956"
},
{
"name": "Submit #836328 | TwiN gatus 5.36.0 Sensitive Cookie Without Secure Attribute",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836328"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/TwiN/gatus/issues/1689"
},
{
"tags": [
"product"
],
"url": "https://github.com/TwiN/gatus/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-11T09:01:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11956",
"datePublished": "2026-06-11T11:30:12.019Z",
"dateReserved": "2026-06-11T06:55:17.414Z",
"dateUpdated": "2026-06-11T12:52:09.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11623 (GCVE-0-2026-11623)
Vulnerability from cvelistv5 – Published: 2026-06-09 03:15 – Updated: 2026-06-09 13:28 X_Open Source
VLAI
Title
tmux image.c image_free use after free
Summary
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 3.7-rc is able to address this issue. The name of the patch is fc6d94a9f8a593bd8b7031650802084385d4ee03. The affected component should be upgraded.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369303 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369303/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11623 | third-party-advisory |
| https://vuldb.com/submit/835623 | third-party-advisory |
| https://gist.github.com/XlabAITeam/f0d9952595f795… | exploit |
| https://github.com/tmux/tmux/commit/fc6d94a9f8a59… | patch |
| https://github.com/tmux/tmux/releases/tag/3.7-rc | patch |
| https://github.com/tmux/tmux/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:28:02.658544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:28:45.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tmux:tmux:*:*:*:*:*:*:*:*"
],
"product": "tmux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.6a"
},
{
"status": "unaffected",
"version": "3.7-rc"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XlabAI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 3.7-rc is able to address this issue. The name of the patch is fc6d94a9f8a593bd8b7031650802084385d4ee03. The affected component should be upgraded."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.5,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:15:12.467Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369303 | tmux image.c image_free use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369303"
},
{
"name": "VDB-369303 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369303/cti"
},
{
"name": "CVE-2026-11623 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11623"
},
{
"name": "Submit #835623 | tmux \u003c= 3.6a Use After Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835623"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/XlabAITeam/f0d9952595f795129a3258ba73bbc3cb"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03"
},
{
"tags": [
"patch"
],
"url": "https://github.com/tmux/tmux/releases/tag/3.7-rc"
},
{
"tags": [
"product"
],
"url": "https://github.com/tmux/tmux/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T22:25:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "tmux image.c image_free use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11623",
"datePublished": "2026-06-09T03:15:12.467Z",
"dateReserved": "2026-06-08T20:19:58.448Z",
"dateUpdated": "2026-06-09T13:28:45.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11621 (GCVE-0-2026-11621)
Vulnerability from cvelistv5 – Published: 2026-06-09 03:00 – Updated: 2026-06-09 15:13
VLAI
Title
Dcat-Admin User Setting upload editorMDUpload unrestricted upload
Summary
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369302 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369302/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11621 | third-party-advisory |
| https://vuldb.com/submit/834849 | third-party-advisory |
| https://www.yuque.com/u25169484/wroc9b/co6eg4x23xkfesng | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Dcat-Admin |
Affected:
2.2.3-beta
cpe:2.3:a:dcat-admin:dcat-admin:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:57:04.462021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:13:39.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dcat-admin:dcat-admin:*:*:*:*:*:*:*:*"
],
"modules": [
"User Setting Page"
],
"product": "Dcat-Admin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2.3-beta"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "OoooY (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:00:18.253Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369302 | Dcat-Admin User Setting upload editorMDUpload unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369302"
},
{
"name": "VDB-369302 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369302/cti"
},
{
"name": "CVE-2026-11621 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11621"
},
{
"name": "Submit #834849 | Dcat-Admin \u003c2.2.2-beta Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834849"
},
{
"tags": [
"exploit"
],
"url": "https://www.yuque.com/u25169484/wroc9b/co6eg4x23xkfesng"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T22:21:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dcat-Admin User Setting upload editorMDUpload unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11621",
"datePublished": "2026-06-09T03:00:18.253Z",
"dateReserved": "2026-06-08T20:16:41.623Z",
"dateUpdated": "2026-06-09T15:13:39.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11620 (GCVE-0-2026-11620)
Vulnerability from cvelistv5 – Published: 2026-06-09 02:45 – Updated: 2026-06-09 16:00
VLAI
Title
TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation
Summary
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369301 | vdb-entry |
| https://vuldb.com/vuln/369301/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11620 | third-party-advisory |
| https://vuldb.com/submit/834825 | third-party-advisory |
| https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646… | exploit |
| https://www.totolink.net/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11620",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T16:00:16.893844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T16:00:26.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:ex200_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"vsftpd"
],
"product": "EX200",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.0.3c.7646"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "L-14 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T02:45:10.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369301 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369301"
},
{
"name": "VDB-369301 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369301/cti"
},
{
"name": "CVE-2026-11620 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11620"
},
{
"name": "Submit #834825 | TOTOLink EX200 V4.0.3c.7646 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834825"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T22:19:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11620",
"datePublished": "2026-06-09T02:45:10.490Z",
"dateReserved": "2026-06-08T20:14:12.689Z",
"dateUpdated": "2026-06-09T16:00:26.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11619 (GCVE-0-2026-11619)
Vulnerability from cvelistv5 – Published: 2026-06-09 02:30 – Updated: 2026-06-09 14:50 X_Open Source
VLAI
Title
Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization
Summary
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369300 | vdb-entry |
| https://vuldb.com/vuln/369300/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11619 | third-party-advisory |
| https://vuldb.com/submit/834038 | third-party-advisory |
| https://github.com/dolibarr/dolibarr/commit/f1b2d… | patch |
| https://github.com/Dolibarr/dolibarr/releases/tag… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11619",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:49:04.088148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:50:39.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/834038"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dolibarr:erp_crm:*:*:*:*:*:*:*:*"
],
"modules": [
"Legacy Filemanager"
],
"product": "ERP CRM",
"vendor": "Dolibarr",
"versions": [
{
"status": "affected",
"version": "23.0.0"
},
{
"status": "affected",
"version": "23.0.1"
},
{
"status": "affected",
"version": "23.0.2"
},
{
"status": "unaffected",
"version": "23.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Abderrahmane Aksoum (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T02:30:12.759Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369300 | Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369300"
},
{
"name": "VDB-369300 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369300/cti"
},
{
"name": "CVE-2026-11619 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11619"
},
{
"name": "Submit #834038 | Dolibarr Dolibarr ERP/CRM up to 23.0.3 Missing Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834038"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.3"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T22:18:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11619",
"datePublished": "2026-06-09T02:30:12.759Z",
"dateReserved": "2026-06-08T20:12:59.884Z",
"dateUpdated": "2026-06-09T14:50:39.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11618 (GCVE-0-2026-11618)
Vulnerability from cvelistv5 – Published: 2026-06-09 02:15 – Updated: 2026-06-09 14:28 X_Open Source
VLAI
Title
DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication
Summary
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369299 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369299/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11618 | third-party-advisory |
| https://vuldb.com/submit/834008 | third-party-advisory |
| https://github.com/DTStack/Taier/issues/1194 | exploitissue-tracking |
| https://github.com/DTStack/Taier/commit/f95389e7f… | patch |
| https://github.com/DTStack/Taier/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:28:44.465029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:28:48.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/DTStack/Taier/issues/1194"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dtstack:taier:*:*:*:*:*:*:*:*"
],
"modules": [
"Source Connection Test Endpoint"
],
"product": "Taier",
"vendor": "DTStack",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "anch0r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead to improper authentication. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called f95389e7f74acec42bcee079a616aaa06f9551d2. A patch should be applied to remediate this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T02:15:13.106Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369299 | DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369299"
},
{
"name": "VDB-369299 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369299/cti"
},
{
"name": "CVE-2026-11618 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11618"
},
{
"name": "Submit #834008 | DTStack Taier \u003c=1.0.0 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834008"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/DTStack/Taier/issues/1194"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DTStack/Taier/commit/f95389e7f74acec42bcee079a616aaa06f9551d2"
},
{
"tags": [
"product"
],
"url": "https://github.com/DTStack/Taier/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T22:14:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11618",
"datePublished": "2026-06-09T02:15:13.106Z",
"dateReserved": "2026-06-08T20:08:48.179Z",
"dateUpdated": "2026-06-09T14:28:48.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11585 (GCVE-0-2026-11585)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:45 – Updated: 2026-06-09 13:29
VLAI
Title
CodeAstro Student Attendance Management System createClassArms.php sql injection
Summary
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369182 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369182/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11585 | third-party-advisory |
| https://vuldb.com/submit/836800 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/10 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11585",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:29:09.063346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:29:38.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:45:11.161Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369182 | CodeAstro Student Attendance Management System createClassArms.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369182"
},
{
"name": "VDB-369182 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369182/cti"
},
{
"name": "CVE-2026-11585 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11585"
},
{
"name": "Submit #836800 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836800"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/10"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClassArms.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11585",
"datePublished": "2026-06-08T19:45:11.161Z",
"dateReserved": "2026-06-08T12:05:39.652Z",
"dateUpdated": "2026-06-09T13:29:38.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11584 (GCVE-0-2026-11584)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:30 – Updated: 2026-06-09 15:13
VLAI
Title
CodeAstro Student Attendance Management System createClass.php edit sql injection
Summary
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369181 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369181/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11584 | third-party-advisory |
| https://vuldb.com/submit/836799 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/9 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:56:49.960669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:13:47.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:30:09.822Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369181 | CodeAstro Student Attendance Management System createClass.php edit sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369181"
},
{
"name": "VDB-369181 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369181/cti"
},
{
"name": "CVE-2026-11584 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11584"
},
{
"name": "Submit #836799 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836799"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/9"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClass.php edit sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11584",
"datePublished": "2026-06-08T19:30:09.822Z",
"dateReserved": "2026-06-08T12:05:37.005Z",
"dateUpdated": "2026-06-09T15:13:47.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11583 (GCVE-0-2026-11583)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:15 – Updated: 2026-06-09 15:57
VLAI
Title
CodeAstro Student Attendance Management System createClass.php sql injection
Summary
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369180 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369180/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11583 | third-party-advisory |
| https://vuldb.com/submit/836798 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/8 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:57:03.360765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:57:15.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:15:09.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369180 | CodeAstro Student Attendance Management System createClass.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369180"
},
{
"name": "VDB-369180 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369180/cti"
},
{
"name": "CVE-2026-11583 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11583"
},
{
"name": "Submit #836798 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836798"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/8"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClass.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11583",
"datePublished": "2026-06-08T19:15:09.900Z",
"dateReserved": "2026-06-08T12:05:34.440Z",
"dateUpdated": "2026-06-09T15:57:15.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11582 (GCVE-0-2026-11582)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:00 – Updated: 2026-06-09 12:45
VLAI
Title
CodeAstro Student Attendance Management System index.php sql injection
Summary
A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369179 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369179/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11582 | third-party-advisory |
| https://vuldb.com/submit/836796 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/7 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:37:02.444321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:45:27.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:00:12.715Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369179 | CodeAstro Student Attendance Management System index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369179"
},
{
"name": "VDB-369179 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369179/cti"
},
{
"name": "CVE-2026-11582 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11582"
},
{
"name": "Submit #836796 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836796"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/7"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11582",
"datePublished": "2026-06-08T19:00:12.715Z",
"dateReserved": "2026-06-08T12:05:31.578Z",
"dateUpdated": "2026-06-09T12:45:27.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11559 (GCVE-0-2026-11559)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:45 – Updated: 2026-06-09 16:09
VLAI
Title
CodeAstro Payroll System view_account.php sql injection
Summary
A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369169 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369169/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11559 | third-party-advisory |
| https://vuldb.com/submit/836791 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Payroll System |
Affected:
1.0
cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T16:08:45.989192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T16:09:05.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:*"
],
"product": "Payroll System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:45:08.127Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369169 | CodeAstro Payroll System view_account.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369169"
},
{
"name": "VDB-369169 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369169/cti"
},
{
"name": "CVE-2026-11559 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11559"
},
{
"name": "Submit #836791 | codeastro Payroll System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836791"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:03:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Payroll System view_account.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11559",
"datePublished": "2026-06-08T18:45:08.127Z",
"dateReserved": "2026-06-08T05:58:16.703Z",
"dateUpdated": "2026-06-09T16:09:05.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11558 (GCVE-0-2026-11558)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:30 – Updated: 2026-06-08 19:16
VLAI
Title
CodeAstro Payroll System home_salary.php sql injection
Summary
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369168 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369168/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11558 | third-party-advisory |
| https://vuldb.com/submit/836785 | third-party-advisory |
| https://vuldb.com/submit/836790 | third-party-advisory |
| https://github.com/sl1der-fr0g/Findings/issues/1 | issue-tracking |
| https://github.com/Andelstander/cve/issues/2 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Payroll System |
Affected:
1.0
cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T19:16:15.615963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:16:21.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:*"
],
"product": "Payroll System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cshwswwsshd99 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:30:09.163Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369168 | CodeAstro Payroll System home_salary.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369168"
},
{
"name": "VDB-369168 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369168/cti"
},
{
"name": "CVE-2026-11558 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11558"
},
{
"name": "Submit #836785 | codeastro Payroll System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836785"
},
{
"name": "Submit #836790 | codeastro Payroll System V1.0 SQL Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836790"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/sl1der-fr0g/Findings/issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:03:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Payroll System home_salary.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11558",
"datePublished": "2026-06-08T18:30:09.163Z",
"dateReserved": "2026-06-08T05:58:14.336Z",
"dateUpdated": "2026-06-08T19:16:21.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11557 (GCVE-0-2026-11557)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:15 – Updated: 2026-06-08 19:52
VLAI
Title
Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow
Summary
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369167 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369167/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11557 | third-party-advisory |
| https://vuldb.com/submit/836477 | third-party-advisory |
| https://github.com/Robots10/IoT_vlu/blob/main/rep… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11557",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T19:52:15.831128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:52:29.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "F451",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hacker128 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:15:10.637Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369167 | Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369167"
},
{
"name": "VDB-369167 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369167/cti"
},
{
"name": "CVE-2026-11557 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11557"
},
{
"name": "Submit #836477 | Tenda Tenda F451 Wireless Router V1.0.0.7, V1.0.0.9 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836477"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Robots10/IoT_vlu/blob/main/reports/Tenda/fromNatlimit/fromNatlimit.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:00:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11557",
"datePublished": "2026-06-08T18:15:10.637Z",
"dateReserved": "2026-06-08T05:55:39.465Z",
"dateUpdated": "2026-06-08T19:52:29.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11556 (GCVE-0-2026-11556)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:00 – Updated: 2026-06-09 14:35
VLAI
Title
Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection
Summary
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369166 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369166/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11556 | third-party-advisory |
| https://vuldb.com/submit/836476 | third-party-advisory |
| https://github.com/Robots10/IoT_vlu/blob/main/rep… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11556",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:33:10.240378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:35:15.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "F451",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.7"
},
{
"status": "affected",
"version": "1.0.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hacker128 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:00:15.317Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369166 | Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369166"
},
{
"name": "VDB-369166 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369166/cti"
},
{
"name": "CVE-2026-11556 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11556"
},
{
"name": "Submit #836476 | Tenda Tenda F451 Wireless Router V1.0.0.7, V1.0.0.9 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836476"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Robots10/IoT_vlu/blob/main/reports/Tenda/formWriteFacMac2/formWriteFacMac.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:00:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11556",
"datePublished": "2026-06-08T18:00:15.317Z",
"dateReserved": "2026-06-08T05:55:33.297Z",
"dateUpdated": "2026-06-09T14:35:15.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11555 (GCVE-0-2026-11555)
Vulnerability from cvelistv5 – Published: 2026-06-08 17:45 – Updated: 2026-06-09 15:52
VLAI
Title
D-Link DGS-1100-08PD Web boa.conf least privilege violation
Summary
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369165 | vdb-entry |
| https://vuldb.com/vuln/369165/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11555 | third-party-advisory |
| https://vuldb.com/submit/834824 | third-party-advisory |
| https://www.notion.so/D-link-DGS-1100-08PD-v1-00-… | exploit |
| https://www.dlink.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DGS-1100-08PD |
Affected:
1.00.006
cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:52:04.882283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:52:17.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dgs-1100-08pd:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Interface"
],
"product": "DGS-1100-08PD",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.00.006"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yinfantasy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:45:13.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369165 | D-Link DGS-1100-08PD Web boa.conf least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369165"
},
{
"name": "VDB-369165 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369165/cti"
},
{
"name": "CVE-2026-11555 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11555"
},
{
"name": "Submit #834824 | D-link DGS-1100-08PD v1.00.006 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834824"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_link"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T07:58:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DGS-1100-08PD Web boa.conf least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11555",
"datePublished": "2026-06-08T17:45:13.723Z",
"dateReserved": "2026-06-08T05:53:11.594Z",
"dateUpdated": "2026-06-09T15:52:17.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11554 (GCVE-0-2026-11554)
Vulnerability from cvelistv5 – Published: 2026-06-08 17:30 – Updated: 2026-06-09 12:33
VLAI
Title
TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation
Summary
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369164 | vdb-entry |
| https://vuldb.com/vuln/369164/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11554 | third-party-advisory |
| https://vuldb.com/submit/834821 | third-party-advisory |
| https://www.notion.so/TOTOLink-CP450-V4-1-0cu-747… | exploit |
| https://www.totolink.net/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:33:01.164712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:33:55.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:totolink:cp450_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"vsftpd"
],
"product": "CP450",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "4.1.0cu.747"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "L-14 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:30:11.745Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369164 | TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369164"
},
{
"name": "VDB-369164 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369164/cti"
},
{
"name": "CVE-2026-11554 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11554"
},
{
"name": "Submit #834821 | TOTOLink CP450 V4.1.0cu.747 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834821"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/TOTOLink-CP450-V4-1-0cu-747-3671f5ba989080c3b39ac3984d2ff44d?source=copy_link"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T07:50:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11554",
"datePublished": "2026-06-08T17:30:11.745Z",
"dateReserved": "2026-06-08T05:45:35.473Z",
"dateUpdated": "2026-06-09T12:33:55.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11553 (GCVE-0-2026-11553)
Vulnerability from cvelistv5 – Published: 2026-06-08 17:15 – Updated: 2026-06-08 18:49
VLAI
Title
Tenda HG7HG9/HG10 formPPPEdit stack-based overflow
Summary
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369163 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369163/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11553 | third-party-advisory |
| https://vuldb.com/submit/836778 | third-party-advisory |
| https://github.com/xiezhihua-1127/Tenda-Stack-Ove… | related |
| https://github.com/xiezhihua-1127/Tenda-Stack-Ove… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T18:49:04.954919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:49:14.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:hg7hg9:*:*:*:*:*:*:*:*"
],
"product": "HG7HG9",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "300001138_en_xpon"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:hg10:*:*:*:*:*:*:*:*"
],
"product": "HG10",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "300001138_en_xpon"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhihua xie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:15:11.855Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369163 | Tenda HG7HG9/HG10 formPPPEdit stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369163"
},
{
"name": "VDB-369163 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369163/cti"
},
{
"name": "CVE-2026-11553 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11553"
},
{
"name": "Submit #836778 | Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon stack-based buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836778"
},
{
"tags": [
"related"
],
"url": "https://github.com/xiezhihua-1127/Tenda-Stack-Overflow.git"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xiezhihua-1127/Tenda-Stack-Overflow/blob/main/report.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T07:48:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda HG7HG9/HG10 formPPPEdit stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11553",
"datePublished": "2026-06-08T17:15:11.855Z",
"dateReserved": "2026-06-08T05:43:31.214Z",
"dateUpdated": "2026-06-08T18:49:14.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11552 (GCVE-0-2026-11552)
Vulnerability from cvelistv5 – Published: 2026-06-08 17:00 – Updated: 2026-06-08 18:24 X_Freeware
VLAI
Title
SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password
Summary
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369162 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369162/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11552 | third-party-advisory |
| https://vuldb.com/submit/836751 | third-party-advisory |
| https://www.sourcecodester.com/ | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Onlne Examination & Learning Management System |
Affected:
1.0
cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:* |
|
| SourceCodester | Syllabus-aligned Learning Management and Examination System |
Affected:
1.0
cpe:2.3:a:sourcecodester:syllabus-aligned_learning_management_and_examination_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T18:22:46.805674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:24:02.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
],
"product": "Onlne Examination \u0026 Learning Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:sourcecodester:syllabus-aligned_learning_management_and_examination_system:*:*:*:*:*:*:*:*"
],
"product": "Syllabus-aligned Learning Management and Examination System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kamran Saifullah (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Onlne Examination \u0026 Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:00:15.864Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369162 | SourceCodester Onlne Examination \u0026 Learning Management System import_users.php hard-coded password",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369162"
},
{
"name": "VDB-369162 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369162/cti"
},
{
"name": "CVE-2026-11552 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11552"
},
{
"name": "Submit #836751 | SourceCodester Onlne Examination \u0026 Learning Management System using PHP and MySQL 0 Use of Hard-coded Password",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836751"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T07:23:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Onlne Examination \u0026 Learning Management System import_users.php hard-coded password"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11552",
"datePublished": "2026-06-08T17:00:15.864Z",
"dateReserved": "2026-06-08T05:18:19.106Z",
"dateUpdated": "2026-06-08T18:24:02.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11534 (GCVE-0-2026-11534)
Vulnerability from cvelistv5 – Published: 2026-06-08 16:45 – Updated: 2026-06-09 14:35
VLAI
Title
imvks786 student_management_system add.php cross site scripting
Summary
A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369151 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369151/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11534 | third-party-advisory |
| https://vuldb.com/submit/836639 | third-party-advisory |
| https://github.com/imvks786/student_management_sy… | exploitissue-tracking |
| https://github.com/imvks786/student_management_system/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| imvks786 | student_management_system |
Affected:
9599b560ad3c3b83e75d328b76bedcd489ef1f46
cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11534",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:29:21.741730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:35:30.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*"
],
"product": "student_management_system",
"vendor": "imvks786",
"versions": [
{
"status": "affected",
"version": "9599b560ad3c3b83e75d328b76bedcd489ef1f46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marry_2026 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:45:09.182Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369151 | imvks786 student_management_system add.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369151"
},
{
"name": "VDB-369151 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369151/cti"
},
{
"name": "CVE-2026-11534 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11534"
},
{
"name": "Submit #836639 | imvks786 student_management_system 1.0 Stored Cross\u2011Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836639"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/imvks786/student_management_system/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/imvks786/student_management_system/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T21:58:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "imvks786 student_management_system add.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11534",
"datePublished": "2026-06-08T16:45:09.182Z",
"dateReserved": "2026-06-07T19:53:29.687Z",
"dateUpdated": "2026-06-09T14:35:30.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11533 (GCVE-0-2026-11533)
Vulnerability from cvelistv5 – Published: 2026-06-08 16:30 – Updated: 2026-06-09 15:49
VLAI
Title
imvks786 student_management_system Student Deletion Endpoint see.php improper authorization
Summary
A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369150 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369150/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11533 | third-party-advisory |
| https://vuldb.com/submit/836636 | third-party-advisory |
| https://github.com/imvks786/student_management_sy… | exploitissue-tracking |
| https://github.com/imvks786/student_management_system/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| imvks786 | student_management_system |
Affected:
9599b560ad3c3b83e75d328b76bedcd489ef1f46
cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:48:34.560858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:49:23.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Student Deletion Endpoint"
],
"product": "student_management_system",
"vendor": "imvks786",
"versions": [
{
"status": "affected",
"version": "9599b560ad3c3b83e75d328b76bedcd489ef1f46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kimoji (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:30:10.472Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369150 | imvks786 student_management_system Student Deletion Endpoint see.php improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369150"
},
{
"name": "VDB-369150 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369150/cti"
},
{
"name": "CVE-2026-11533 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11533"
},
{
"name": "Submit #836636 | imvks786 student_management_system 1.0 Broken Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836636"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/imvks786/student_management_system/issues/4"
},
{
"tags": [
"product"
],
"url": "https://github.com/imvks786/student_management_system/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T21:58:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "imvks786 student_management_system Student Deletion Endpoint see.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11533",
"datePublished": "2026-06-08T16:30:10.472Z",
"dateReserved": "2026-06-07T19:53:26.805Z",
"dateUpdated": "2026-06-09T15:49:23.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11532 (GCVE-0-2026-11532)
Vulnerability from cvelistv5 – Published: 2026-06-08 16:15 – Updated: 2026-06-08 17:53
VLAI
Title
imvks786 student_management_system Student Record add.php access control
Summary
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369149 | vdb-entry |
| https://vuldb.com/vuln/369149/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11532 | third-party-advisory |
| https://vuldb.com/submit/836634 | third-party-advisory |
| https://github.com/imvks786/student_management_sy… | exploitissue-tracking |
| https://github.com/imvks786/student_management_system/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| imvks786 | student_management_system |
Affected:
9599b560ad3c3b83e75d328b76bedcd489ef1f46
cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T17:51:03.095315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:53:36.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Student Record Handler"
],
"product": "student_management_system",
"vendor": "imvks786",
"versions": [
{
"status": "affected",
"version": "9599b560ad3c3b83e75d328b76bedcd489ef1f46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Estelle666 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:15:14.448Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369149 | imvks786 student_management_system Student Record add.php access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/369149"
},
{
"name": "VDB-369149 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369149/cti"
},
{
"name": "CVE-2026-11532 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11532"
},
{
"name": "Submit #836634 | imvks786 student_management_system 1.0 Insufficient Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836634"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/imvks786/student_management_system/issues/3"
},
{
"tags": [
"product"
],
"url": "https://github.com/imvks786/student_management_system/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T21:58:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "imvks786 student_management_system Student Record add.php access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11532",
"datePublished": "2026-06-08T16:15:14.448Z",
"dateReserved": "2026-06-07T19:53:24.158Z",
"dateUpdated": "2026-06-08T17:53:36.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11531 (GCVE-0-2026-11531)
Vulnerability from cvelistv5 – Published: 2026-06-08 16:00 – Updated: 2026-06-09 15:56
VLAI
Title
imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection
Summary
A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369148 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369148/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11531 | third-party-advisory |
| https://vuldb.com/submit/836633 | third-party-advisory |
| https://github.com/imvks786/student_management_sy… | exploitissue-tracking |
| https://github.com/imvks786/student_management_system/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| imvks786 | student_management_system |
Affected:
9599b560ad3c3b83e75d328b76bedcd489ef1f46
cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11531",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:55:47.745756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:56:05.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/836633"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:imvks786:student_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Administrator Login Endpoint"
],
"product": "student_management_system",
"vendor": "imvks786",
"versions": [
{
"status": "affected",
"version": "9599b560ad3c3b83e75d328b76bedcd489ef1f46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yeliuyun (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a_usr/a_pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:00:15.973Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369148 | imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369148"
},
{
"name": "VDB-369148 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369148/cti"
},
{
"name": "CVE-2026-11531 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11531"
},
{
"name": "Submit #836633 | imvks786 student_management_system 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836633"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/imvks786/student_management_system/issues/2"
},
{
"tags": [
"product"
],
"url": "https://github.com/imvks786/student_management_system/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T21:58:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11531",
"datePublished": "2026-06-08T16:00:15.973Z",
"dateReserved": "2026-06-07T19:53:21.533Z",
"dateUpdated": "2026-06-09T15:56:05.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}