Threat Feed

Tag

Webapp

5 briefs
high advisory

Twitter-Clone 1 SQL Injection Vulnerability (CVE-2018-25362)

Twitter-Clone 1 is vulnerable to SQL injection via the userid parameter in follow.php, allowing attackers to manipulate database queries and extract sensitive information such as usernames, passwords, and database credentials.

Twitter-Clone 1 sqlinjection cve webapp
2r 1t 1c
high advisory

SQL Injection Vulnerability in projectworlds hospital-management-system-in-php 1.0 (CVE-2026-8785)

A SQL injection vulnerability (CVE-2026-8785) exists in the getAllPatientDetail function of the update_info.php file in projectworlds hospital-management-system-in-php version 1.0, allowing remote attackers to execute arbitrary SQL commands via the 'appointment_no' GET parameter.

hospital-management-system-in-php 1.0 cve sql-injection webapp
2r 1t 1c
high advisory

coreruleset 4.21.0 Firewall Bypass Vulnerability

A firewall bypass vulnerability has been identified in coreruleset version 4.21.0, with a public exploit available on Exploit-DB, potentially increasing the risk of exploitation for unpatched systems.

coreruleset firewall bypass webapp
1r 1t
critical advisory

Advance Gift Shop Pro Script 2.0.3 SQL Injection Vulnerability

Advance Gift Shop Pro Script 2.0.3 is vulnerable to SQL injection via the 's' search parameter, allowing unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information.

sqli vulnerability webapp
2r 1t 1c
critical threat

MindsDB Path Traversal Vulnerability Leading to Remote Code Execution

A path traversal vulnerability in MindsDB versions prior to 25.9.1.1 allows an attacker to achieve remote code execution by uploading a malicious payload and triggering its execution.

MindsDB path-traversal rce webapp
3r 2t 1c