VYPR
Vendor

Sherlock

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2026-5150HigMar 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. The attack can be…

  • CVE-2026-5035HigMar 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2026-5034HigMar 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the…

  • CVE-2026-5033HigMar 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be…

  • CVE-2026-4836MedMar 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id results in sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-4835LowMar 26, 2026
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting.…

  • CVE-2021-29267Mar 29, 2021
    risk 0.00cvss epss 0.01

    Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.