|
301
|
2.7 |
LOW
Network
|
-
|
-
|
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-37601
|
2026-04-18 00:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
2.7 |
LOW
Network
|
-
|
-
|
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-37602
|
2026-04-18 00:32 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
- |
|
-
|
-
|
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php…
New
|
-
|
CVE-2026-31317
|
2026-04-18 00:30 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
3.7 |
LOW
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediate…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-40263
|
2026-04-18 00:29 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
8.7 |
HIGH
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which d…
New
|
CWE-79
CWE-434
Cross-site Scripting
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40262
|
2026-04-18 00:29 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware,…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40265
|
2026-04-18 00:29 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
2.7 |
LOW
Network
|
-
|
-
|
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-36941
|
2026-04-18 00:28 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
2.7 |
LOW
Network
|
-
|
-
|
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
Update
|
-
|
CVE-2026-36942
|
2026-04-18 00:28 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
2.7 |
LOW
Network
|
-
|
-
|
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-36943
|
2026-04-18 00:28 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
2.7 |
LOW
Network
|
-
|
-
|
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-36944
|
2026-04-18 00:28 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
