| 661 | 2.7 | LOW Network | - | - | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. [Update] | CWE-89 SQL Injection | CVE-2026-37596 | 2026-04-18 00:32 | 2026-04-15 |
| 662 | 2.7 | LOW Network | - | - | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. [Update] | CWE-89 SQL Injection | CVE-2026-37597 | 2026-04-18 00:32 | 2026-04-15 |
| 663 | 2.7 | LOW Network | - | - | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. [Update] | CWE-89 SQL Injection | CVE-2026-37598 | 2026-04-18 00:32 | 2026-04-15 |
| 664 | 2.7 | LOW Network | - | - | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. [Update] | CWE-89 SQL Injection | CVE-2026-37600 | 2026-04-18 00:32 | 2026-04-15 |
| 665 | 2.7 | LOW Network | - | - | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. [Update] | CWE-89 SQL Injection | CVE-2026-37601 | 2026-04-18 00:32 | 2026-04-15 |
| 666 | 2.7 | LOW Network | - | - | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. [Update] | CWE-89 SQL Injection | CVE-2026-37602 | 2026-04-18 00:32 | 2026-04-15 |
| 667 | 3.7 | LOW Network | - | - | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediate… [New] | CWE-208 Information Exposure Through Timing Discrepancy | CVE-2026-40263 | 2026-04-18 00:29 | 2026-04-17 |
| 668 | 8.7 | HIGH Network | - | - | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which d… [New] | CWE-79 Cross-site Scripting; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-40262 | 2026-04-18 00:29 | 2026-04-17 |
| 669 | 5.9 | MEDIUM Network | - | - | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware,… [New] | CWE-862 Missing Authorization | CVE-2026-40265 | 2026-04-18 00:29 | 2026-04-17 |
| 670 | 2.7 | LOW Network | - | - | SourceCodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php. [Update] | CWE-89 SQL Injection | CVE-2026-36941 | 2026-04-18 00:28 | 2026-04-14 |