CyberHub

@cyberhub.blog

→ News, podcast, subreddit and yt video summaries → CVE alerts → CTF challenges https://www.cyberhub.blog #cybersecurity #hacking #cve #tech #news #ai

04.12.2024
Joined
Latest posts by CyberHub @cyberhub.blog

Cybersecurity Professional Seeks Feedback on TryHackMe Training Paths
The poster has over 1.5 years of experience as a security analyst in a SOC and five years in IT professionally. They hold multiple certifications (GCIH, GSOC, Sec+, Net+, A+) and a Master’s degree in Cybersecurity but still struggle with networking and other cybersecurity concepts. They are seeking feedback on whether TryHackMe’s SEC0, SEC1, SAL1, and PT1 training paths are valuable for maintaining skill proficiency. The request is directed at professionals with cybersecurity experience.

📌 Cybersecurity Professional Seeks Feedback on TryHackMe Training Paths https://www.cyberhub.blog/article/21171-cybersecurity-professional-seeks-feedback-on-tryhackme-training-paths

10.03.2026 18:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3009 🛡
CVSS: 8.1 — High. Status: Analyzed. Source: secalert@redhat.com
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
🔗 References: https://access.redhat.com/errata/RHSA-2026:3947 • https://access.redhat.com/errata/RHSA-2026:3948 • https://access.redhat.com/security/cve/CVE-2026-3009 • https://bugzilla.redhat.com/show_bug.cgi?id=2441867
📅 Mar 5, 2026

📌 CVE-2026-3009 - A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even ... https://www.cyberhub.blog/cves/CVE-2026-3009

10.03.2026 18:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28790 🛡
CVSS: 7.5 — High. Status: Analyzed. Source: security-advisories@github.com
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.
🔗 References: https://github.com/OliveTin/OliveTin/commit/d9804182eae43cf49f735e6533ddbe1541c2b9a9 • https://github.com/OliveTin/OliveTin/releases/tag/3000.11.0 • https://github.com/OliveTin/OliveTin/security/advisories/GHSA-4fqm-6fmh-82mq
📅 Mar 5, 2026

📌 CVE-2026-28790 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to termi... https://www.cyberhub.blog/cves/CVE-2026-28790

10.03.2026 17:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-28789 🛡
CVSS: 7.5 — High. Status: Analyzed. Source: security-advisories@github.com
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.
🔗 References: https://github.com/OliveTin/OliveTin/commit/f044d90d5525c4c8e3f421b32ed7eff771c22d36 • https://github.com/OliveTin/OliveTin/security/advisories/GHSA-45m3-398w-m2m9
📅 Mar 5, 2026

📌 CVE-2026-28789 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerabilit... https://www.cyberhub.blog/cves/CVE-2026-28789

10.03.2026 17:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-30242 🛡
CVSS: 8.5 — High. Status: Analyzed. Source: security-advisories@github.com
Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the server makes requests to these internal addresses and stores the response — enabling SSRF with full response read-back. This issue has been patched in version 1.2.3.
🔗 References: https://github.com/makeplane/plane/releases/tag/v1.2.3 • https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73
📅 Mar 6, 2026

📌 CVE-2026-30242 - Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks... https://www.cyberhub.blog/cves/CVE-2026-30242

10.03.2026 17:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-27939 🛡
CVSS: 8.8 — High. Status: Analyzed. Source: security-advisories@github.com
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
🔗 References: https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a • https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789
📅 Feb 27, 2026

📌 CVE-2026-27939 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Pa... https://www.cyberhub.blog/cves/CVE-2026-27939

10.03.2026 16:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3698 🛡
CVSS: 8.8 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
🔗 References: https://github.com/7wkajk/CVE-VUL/blob/main/3.md • https://vuldb.com/?ctiid.349644 • https://vuldb.com/?id.349644 • https://vuldb.com/?submit.765748
📅 Mar 8, 2026

📌 CVE-2026-3698 - A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads ... https://www.cyberhub.blog/cves/CVE-2026-3698

10.03.2026 16:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3700 🛡
CVSS: 8.8 — High. Status: Analyzed. Source: cna@vuldb.com
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
🔗 References: https://github.com/7wkajk/CVE-VUL/blob/main/1.md • https://vuldb.com/?ctiid.349646 • https://vuldb.com/?id.349646 • https://vuldb.com/?submit.765750
📅 Mar 8, 2026

📌 CVE-2026-3700 - A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Th... https://www.cyberhub.blog/cves/CVE-2026-3700

10.03.2026 16:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-25887 🛡
CVSS: 7.2 — High. Status: Analyzed. Source: security-advisories@github.com
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1.
🔗 References: https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1 • https://github.com/chartbrew/chartbrew/security/advisories/GHSA-x4r6-prmw-7wvw
📅 Mar 6, 2026

📌 CVE-2026-25887 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1,... https://www.cyberhub.blog/cves/CVE-2026-25887

10.03.2026 15:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-25888 🛡
CVSS: 8.8 — High. Status: Analyzed. Source: security-advisories@github.com
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.
🔗 References: https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1 • https://github.com/chartbrew/chartbrew/security/advisories/GHSA-875w-45c2-gxq8
📅 Mar 6, 2026

📌 CVE-2026-25888 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1,... https://www.cyberhub.blog/cves/CVE-2026-25888

10.03.2026 15:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3815 🛡
CVSS: 8.8 — High. Status: Analyzed. Source: cna@vuldb.com
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
🔗 References: https://github.com/whoami648/cve/blob/main/vul/10.md • https://vuldb.com/?ctiid.349781 • https://vuldb.com/?id.349781 • https://vuldb.com/?submit.769164
📅 Mar 9, 2026

📌 CVE-2026-3815 - A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipu... https://www.cyberhub.blog/cves/CVE-2026-3815

10.03.2026 15:00 👍 0 🔁 0 💬 0 📌 0
CISA Adds Three Vulnerabilities to KEV Catalog, Including Omnissa Workspace One UEM Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Monday, citing evidence of active exploitation. Among the listed flaws is CVE-2021-22054 (CVSS score: 7.5), a server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM). The notice highlights that these vulnerabilities are being actively targeted, though specific attack vectors or threat actors are not detailed. No additional CVEs or affected products (SolarWinds, Ivanti) were fully described in the provided excerpt. The update underscores the urgency of addressing these flaws due to confirmed exploitation in the wild.

📌 CISA Adds Three Vulnerabilities to KEV Catalog, Including Omnissa Workspace One UEM Flaw https://www.cyberhub.blog/article/21150-cisa-adds-three-vulnerabilities-to-kev-catalog-including-omnissa-workspace-one-uem-flaw

10.03.2026 14:40 👍 0 🔁 0 💬 0 📌 0
Transitioning Note-Taking Strategies from TryHackMe to HackTheBox
The poster is transitioning from TryHackMe (THM) to HackTheBox (HTB) while continuing to use Obsidian for note-taking. They currently organize THM notes into folders like Defense, Offense, and Tools and are considering whether to create separate folders for HTB or integrate them into existing THM notes to reduce redundancy. They express concern about potential overlap and searchability issues when querying keywords. The user is also deciding between pursuing CJCA or CPTS certifications, possibly using CJCA as a stepping stone.

📌 Transitioning Note-Taking Strategies from TryHackMe to HackTheBox https://www.cyberhub.blog/article/21151-transitioning-note-taking-strategies-from-tryhackme-to-hackthebox

10.03.2026 14:20 👍 0 🔁 0 💬 0 📌 0
CVE-2019-25505 🛡
CVSS: 7.1 — High. Status: Analyzed. Source: disclosure@vulncheck.com
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
🔗 References: https://www.exploit-db.com/exploits/46671 • https://www.vulncheck.com/advisories/tradebox-sql-injection-via-symbol-parameter
📅 Mar 4, 2026

📌 CVE-2019-25505 - Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through ... https://www.cyberhub.blog/cves/CVE-2019-25505

10.03.2026 14:00 👍 0 🔁 0 💬 0 📌 0
CVE-2019-25503 🛡
CVSS: 7.1 — High. Status: Analyzed. Source: disclosure@vulncheck.com
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
🔗 References: https://www.exploit-db.com/exploits/46798 • https://www.vulncheck.com/advisories/phpads-sql-injection-via-clickphp-bannerid
📅 Mar 4, 2026

📌 CVE-2019-25503 - PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code ... https://www.cyberhub.blog/cves/CVE-2019-25503

10.03.2026 13:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-29077 🛡
CVSS: 7.1 — High. Status: Analyzed. Source: security-advisories@github.com
Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0.
🔗 References: https://github.com/frappe/frappe/security/advisories/GHSA-5h4c-9p23-4c3m
📅 Mar 5, 2026

📌 CVE-2026-29077 - Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user c... https://www.cyberhub.blog/cves/CVE-2026-29077

10.03.2026 13:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-25702 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: meissner@suse.de
An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
🔗 References: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702
📅 Mar 5, 2026

📌 CVE-2026-25702 - An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via ... https://www.cyberhub.blog/cves/CVE-2026-25702

10.03.2026 13:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3705 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
🔗 References: https://code-projects.org/ • https://github.com/Owen-YuanW/CVE/issues/1 • https://vuldb.com/?ctiid.349651 • https://vuldb.com/?id.349651 • https://vuldb.com/?submit.765797
📅 Mar 8, 2026

📌 CVE-2026-3705 - A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearc... https://www.cyberhub.blog/cves/CVE-2026-3705

10.03.2026 12:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3708 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
🔗 References: https://code-projects.org/ • https://github.com/Owen-YuanW/CVE/issues/2 • https://vuldb.com/?ctiid.349654 • https://vuldb.com/?id.349654 • https://vuldb.com/?submit.766138
📅 Mar 8, 2026

📌 CVE-2026-3708 - A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file ... https://www.cyberhub.blog/cves/CVE-2026-3708

10.03.2026 12:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3723 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks.
🔗 References: https://code-projects.org/ • https://github.com/Owen-YuanW/CVE/issues/6 • https://vuldb.com/?ctiid.349699 • https://vuldb.com/?id.349699 • https://vuldb.com/?submit.766311
📅 Mar 8, 2026

📌 CVE-2026-3723 - A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelet... https://www.cyberhub.blog/cves/CVE-2026-3723

10.03.2026 12:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3730 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.
🔗 References: https://github.com/anon387tdug/anon387/issues/1 • https://github.com/yihaofuweng/cve/issues/62 • https://itsourcecode.com/ • https://vuldb.com/?ctiid.349708 • https://vuldb.com/?id.349708
📅 Mar 8, 2026

📌 CVE-2026-3730 - A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/... https://www.cyberhub.blog/cves/CVE-2026-3730

10.03.2026 11:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3734 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
🔗 References: https://gist.github.com/Adarshh-A/f25452a4fe736babd39b9a1b800e98d0 • https://vuldb.com/?ctiid.349712 • https://vuldb.com/?id.349712 • https://vuldb.com/?submit.767227 • https://www.sourcecodester.com/
📅 Mar 8, 2026

📌 CVE-2026-3734 - A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php ... https://www.cyberhub.blog/cves/CVE-2026-3734

10.03.2026 11:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3735 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🔗 References: https://code-projects.org/ • https://github.com/6Justdododo6/CVE/issues/10 • https://vuldb.com/?ctiid.349713 • https://vuldb.com/?id.349713 • https://vuldb.com/?submit.767396
📅 Mar 8, 2026

📌 CVE-2026-3735 - A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of... https://www.cyberhub.blog/cves/CVE-2026-3735

10.03.2026 11:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3740 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.
🔗 References: https://github.com/DaMaTou00/project/issues/1 • https://itsourcecode.com/ • https://vuldb.com/?ctiid.349718 • https://vuldb.com/?id.349718 • https://vuldb.com/?submit.767341
📅 Mar 8, 2026

📌 CVE-2026-3740 - A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php... https://www.cyberhub.blog/cves/CVE-2026-3740

10.03.2026 10:40 👍 1 🔁 0 💬 0 📌 0
CVE-2026-3744 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🔗 References: https://code-projects.org/ • https://github.com/CH0ico/CVE_choco_2 • https://github.com/CH0ico/CVE_choco_2/blob/main/report.md • https://vuldb.com/?ctiid.349722 • https://vuldb.com/?id.349722
📅 Mar 8, 2026

📌 CVE-2026-3744 - A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manip... https://www.cyberhub.blog/cves/CVE-2026-3744

10.03.2026 10:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3746 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
🔗 References: https://github.com/CH0ico/CVE_choco_7 • https://github.com/CH0ico/CVE_choco_7/blob/main/report.md • https://vuldb.com/?ctiid.349724 • https://vuldb.com/?id.349724 • https://vuldb.com/?submit.767882
📅 Mar 8, 2026

📌 CVE-2026-3746 - A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of ... https://www.cyberhub.blog/cves/CVE-2026-3746

10.03.2026 10:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3759 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
🔗 References: https://github.com/hmKunlun/projectworldcve/issues/3 • https://vuldb.com/?ctiid.349737 • https://vuldb.com/?id.349737 • https://vuldb.com/?submit.768059
📅 Mar 8, 2026

📌 CVE-2026-3759 - A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php... https://www.cyberhub.blog/cves/CVE-2026-3759

10.03.2026 09:40 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3758 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
🔗 References: https://github.com/hmKunlun/projectworldcve/issues/2 • https://vuldb.com/?ctiid.349736 • https://vuldb.com/?id.349736 • https://vuldb.com/?submit.768058 • https://vuldb.com/?submit.768958
📅 Mar 8, 2026

📌 CVE-2026-3758 - A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/a... https://www.cyberhub.blog/cves/CVE-2026-3758

10.03.2026 09:20 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3762 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🔗 References: https://gist.github.com/Adarshh-A/1aae387a3cf4ea05c871ddafc64d0348 • https://vuldb.com/?ctiid.349740 • https://vuldb.com/?id.349740 • https://vuldb.com/?submit.768122 • https://www.sourcecodester.com/
📅 Mar 8, 2026

📌 CVE-2026-3762 - A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_de... https://www.cyberhub.blog/cves/CVE-2026-3762

10.03.2026 09:00 👍 0 🔁 0 💬 0 📌 0
CVE-2026-3760 🛡
CVSS: 7.3 — High. Status: Analyzed. Source: cna@vuldb.com
A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.
🔗 References: https://github.com/Rsansan/security-monitor/issues/1 • https://itsourcecode.com/ • https://vuldb.com/?ctiid.349738 • https://vuldb.com/?id.349738 • https://vuldb.com/?submit.768095
📅 Mar 8, 2026

📌 CVE-2026-3760 - A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. P... https://www.cyberhub.blog/cves/CVE-2026-3760

10.03.2026 08:40 👍 0 🔁 0 💬 0 📌 0