By weakness (CWE)

CWE-99: related vulnerabilities

CVEs classified under CWE-99. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

3 published vulnerabilities

  • CVE-2026-10168MEDIUM 6.3

    A vulnerability in OUSL-GROUP-BrinaryBrains School Student Management System allows authenticated users to manipulate resource identifiers through the marks function in the Parents.php controller, potentially exposing or modifying student data. An attacker with login credentials can exploit this remotely by injecting malicious parameters, affecting the confidentiality and integrity of educational records. Public disclosure has occurred, increasing real-world exploitation risk.

  • CVE-2026-10624MEDIUM 4.3

    CVE-2026-10624 is a moderate-severity vulnerability in SourceCodester Human Resource Management version 1.0 that allows authenticated users to access employee information they should not be able to view. The flaw exists in the Employee View Page component and stems from improper handling of the 'employeeid' parameter, which an attacker can manipulate to bypass access controls. Because exploit code has been publicly disclosed, this vulnerability poses a realistic risk to organizations running affected systems.

  • CVE-2026-10299LOW 3.8

    CVE-2026-10299 is a resource identifier control vulnerability in code-projects Online Hospital Management System version 1.0. An authenticated attacker with high-level privileges can manipulate the 'delid' parameter in the viewdoctortimings.php file to cause unintended modifications or deletion of data. While the flaw requires administrative or high-privilege access and carries a low CVSS score, the availability of public exploit code warrants attention in environments running this system.