A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifiers. The attack may be performed from remote. The exploit has been disclosed to the public and may be use

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifiers. The attack may be performed from remote. The exploit has been disclosed to the public and may be use

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed publicly

CVE-2026-10168 是 OUSL-GROUP-BrinaryBrains 开发的学校学生管理系统（School Student Management System）中的一个安全漏洞。该漏洞影响截至 commit 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 的版本。漏洞位于 application/controllers/Parents.php 文件中的 marks 函数内，由于对参数 param1 的输入验证不足，导致系统未能正确限制资源标识符，攻击者可通过操纵该参数实现资源标识符的不当控制（CWE-99）。攻击者无需高权限，通过网络远程即可发起攻击，且漏洞细节及利用方法已经公开披露，可能已被实际利用。由于该项目采用持续交付滚动发布模式，目前没有明确的受影响版本范围和修复版本信息。开发团队已通过问题报告获知漏洞，但尚未回应。该漏洞 CVSS 评分为 6.3（中等），影响机密性、完整性和可用性，需通过限制网络访问、加强输入验证、等待官方补丁等方式缓解风险。建议用户密切关注项目更新，并在必要时采取临时缓解措施，如限制相关功能的外部访问或实施 Web 应用防火墙规则。

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be performed from remote. This attack is characteriz

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be performed from remote. This attack is characteriz