Aggregator

10 нанометров толщиной и ролик вместо печи.

A vulnerability described as critical has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. This vulnerability is tracked as CVE-2026-10290. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as problematic has been reported in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. This vulnerability is identified as CVE-2026-10289. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. This vulnerability is referenced as CVE-2026-10288. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #825939 / VDB-367583

Submit #825934 / VDB-367582

Submit #825786 / VDB-367581

A vulnerability identified as critical has been detected in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. The identification of this vulnerability is CVE-2026-10287. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. This vulnerability was named CVE-2026-10286. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1. It has been rated as critical. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-10285. The attack is possible to be carried out remotely. No exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1. It has been declared as critical. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to improper authorization. This vulnerability is handled as CVE-2026-10284. The attack can be executed remotely. There is not any exploit available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #825641 / VDB-367580

Submit #825566 / VDB-367579

A vulnerability was found in Bottelet DaybydayCRM up to 2.2.1. It has been classified as critical. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. This vulnerability is known as CVE-2026-10283. Remote exploitation of the attack is possible. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Bottelet DaybydayCRM up to 2.2.1 and classified as problematic. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-10282. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.

Submit #825494 / VDB-367513

Submit #825475 / VDB-367578

Submit #825473 / VDB-367577

Submit #825443 / VDB-367576

Submit #825442 / VDB-367576