menevarad007

3 exploits Active since Apr 2026
CVE-2026-37748 NOMISEC HIGH WORKING POC
Visitor Management System 1.0 - RCE
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell and achieve Remote Code Execution on the server.
CVSS 7.2
CVE-2026-37749 NOMISEC CRITICAL WORKING POC
Simple Attendance Management System 1.0 - SQL Injection
A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.
CVSS 9.8
CVE-2026-37750 NOMISEC MEDIUM WORKING POC
School Management System - XSS
A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via the unsanitized type parameter in register.php.
CVSS 6.1