CRITICALAi
Verified
Global

NVD CRITICAL: CVE-2026-36235 — A SQL injection vulnerability was found in the scheduleSubList.php file of itsou...

·Source: NIST NVD

Updated:

Executive Summary

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

Analysis

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation. CVSS Score: 9.8. Published: 2026-04-10T15:16:25.077.

Indicators of Compromise (1)

CVE (1)
CVE-2026-36235
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 10, 2026. Verified by: NIST.

Related Threats

CRITICALAi

Russia-aligned crime group Greyvibe extensively uses AI in attacks

Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the goal of intelligence gathering for the ongoing war. Dubbed Greyvibe by researchers from WithSecure, the group has shown s

CSO Online
CRITICALAi

Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty

Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity holes before patches were available, posted that he had tried to contact Microsoft officials and

CVE-2026-45585
CSO Online
LOWAi

Metasploit Wrap Up 05/29/2026

More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a trenchcoat, individually identified as CVE-2026-43284 and CVE-2026-43500. Each is exploitable individually

CVE-2026-43284CVE-2026-43500
Rapid7