24h | 7d | 30d

Overview

  • SourceCodester
  • Class and Exam Timetabling System

19 Jul 2026
Published
19 Jul 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.41%

KEV

Description

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit_schoolyr.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

CVE-2026-16228: MEDIUM-severity SQL injection in SourceCodester Class and Exam Timetabling System 1.0 (/edit_schoolyr.php). Remote, unauthenticated exploitation possible. No patch — apply input validation & parameterized queries. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • SourceCodester
  • Class and Exam Timetabling System

19 Jul 2026
Published
19 Jul 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.41%

KEV

Description

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /edit_subject.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

CVE-2026-16227: SQL injection in SourceCodester Class and Exam Timetabling System v1.0 (/edit_subject.php, ID param). MEDIUM severity (CVSS 6.9). No patch yet — use input validation & parameterized queries. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • FalkorDB
  • QueryWeaver

18 Jul 2026
Published
18 Jul 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.37%

KEV

Description

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation before checking whether the email belongs to an existing account, causing the server to return a valid authenticated session token for the victim's identity without requiring any prior credentials or user interaction.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

CVE-2026-10130 (HIGH, CVSS 8.2) in FalkorDB QueryWeaver: attackers can bypass authentication and obtain session tokens for existing accounts by submitting signup requests with known emails. Review signup flows. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • itsourcecode
  • Courier Management System

19 Jul 2026
Published
19 Jul 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.44%

KEV

Description

A flaw has been found in itsourcecode Courier Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Executing a manipulation of the argument page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

CVE-2026-16229 (MEDIUM, CVSS 5.3): XSS in itsourcecode Courier Management System v1.0 via 'page' param in /index.php. Remote exploitation possible, user interaction needed. No patch yet — use WAF and input validation. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago
Showing 21 to 24 of 24 CVEs