Vendor CVEs
Remyandrade
All CVEs
43 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9603 | | Med | 0.42 | 6.5 | 0.00 | | May 26, 2026 | A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible.… |
| CVE-2026-3695 | | Med | 0.42 | 6.5 | 0.01 | | Mar 8, 2026 | A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been… |
| CVE-2026-9484 | | Med | 0.41 | 6.3 | 0.00 | | May 25, 2026 | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom_id can lead to… |
| CVE-2026-9483 | | Med | 0.41 | 6.3 | 0.00 | | May 25, 2026 | A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has… |
| CVE-2026-3163 | | Med | 0.41 | 6.3 | 0.00 | | Feb 25, 2026 | A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit… |
| CVE-2025-14530 | | Med | 0.31 | 4.7 | 0.00 | | Dec 11, 2025 | A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.… |
| CVE-2026-9486 | | Med | 0.28 | 4.3 | 0.00 | | May 25, 2026 | A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for… |
| CVE-2026-3302 | | Med | 0.28 | 4.3 | 0.00 | | Feb 27, 2026 | A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The… |
| CVE-2026-3070 | | Med | 0.28 | 4.3 | 0.00 | | Feb 24, 2026 | A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The… |
| CVE-2026-9485 | | Low | 0.23 | 3.5 | 0.00 | | May 25, 2026 | A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is… |
| CVE-2026-0580 | | Low | 0.23 | 3.5 | 0.00 | | Jan 5, 2026 | A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. |
| CVE-2025-13349 | | Low | 0.23 | 3.5 | 0.00 | | Nov 18, 2025 | A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote… |
| CVE-2025-12332 | | Low | 0.16 | 2.4 | 0.00 | | Oct 28, 2025 | A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be… |
| CVE-2025-11485 | | Low | 0.16 | 2.4 | 0.00 | | Oct 8, 2025 | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can… |
| CVE-2021-27320 | | | 0.02 | — | 0.09 | | Mar 24, 2021 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. |
| CVE-2025-70457 | | | 0.00 | — | 0.01 | | Jan 23, 2026 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension… |
| CVE-2025-66918 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter. |
| CVE-2025-64070 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field. |
| CVE-2025-65358 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php. |
| CVE-2025-63892 | | | 0.00 | — | 0.00 | | Nov 18, 2025 | A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site… |
| CVE-2025-9553 | | | 0.00 | — | 0.00 | | Oct 10, 2025 | Vulnerability in Drupal API Key manager. This issue affects API Key manager: *.*. |
| CVE-2025-45805 | | | 0.00 | — | 0.00 | | Sep 3, 2025 | In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an… |
| CVE-2025-50493 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. |
| CVE-2025-2649 | | | 0.00 | — | 0.00 | | Mar 23, 2025 | A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated… |
| CVE-2025-2640 | | | 0.00 | — | 0.00 | | Mar 23, 2025 | A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql… |
| CVE-2025-2383 | | | 0.00 | — | 0.00 | | Mar 17, 2025 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The… |
| CVE-2024-48807 | | | 0.00 | — | 0.00 | | Oct 30, 2024 | Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. |
| CVE-2024-4294 | | | 0.00 | — | 0.01 | | Apr 27, 2024 | A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to… |
| CVE-2024-4293 | | | 0.00 | — | 0.01 | | Apr 27, 2024 | A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to… |
| CVE-2023-40945 | | | 0.00 | — | 0.01 | | Sep 11, 2023 | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. |
| CVE-2023-4219 | | | 0.00 | — | 0.01 | | Aug 8, 2023 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be… |
| CVE-2023-1063 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads… |
| CVE-2023-1062 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is… |
| CVE-2023-1061 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may… |
| CVE-2023-1059 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The… |
| CVE-2023-1058 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely.… |
| CVE-2023-1057 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned… |
| CVE-2023-1056 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The… |
| CVE-2022-46128 | | | 0.00 | — | 0.00 | | Jan 25, 2023 | phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. |
| CVE-2022-45730 | | | 0.00 | — | 0.01 | | Jan 25, 2023 | A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. |
| CVE-2022-36201 | | | 0.00 | — | 0.02 | | Aug 31, 2022 | Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. |
| CVE-2022-36202 | | | 0.00 | — | 0.01 | | Aug 31, 2022 | Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. |
| CVE-2022-28568 | | | 0.00 | — | 0.04 | | May 4, 2022 | Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. |