MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-10265 | A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_topic.php. Such manipulation of the argument topic_id leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10263 | A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10262 | A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10261 | A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10260 | A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10258 | A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add_sub_topic.php. This manipulation of the argument topic_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10257 | A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update_ss_img.php. The manipulation of the argument topic_id results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10256 | A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10253 | A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10252 | A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10251 | A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10250 | A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10249 | A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10248 | A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | 2.0 | 0.05% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10242 | A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10237 | A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | 2.0 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10235 | A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | 2.1 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10227 | A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add_user_check.php of the component User Creation Handler. The manipulation of the argument role leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version d | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10226 | A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version d | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |
| CVE-2026-10225 | A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login_check.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for a | 5.5 | 0.03% | 2026-06-01 | 2026-06-01 |