Lucene search
+L

21555 matches found

CVE
CVE
added yesterday5 views

CVE-2026-16073

Technical details are not publicly available in the provided documents. Monitor for updates.

5.1CVSS3.4AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45175

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/toolcron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the...

6.5CVSS6AI score
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-16014

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday14 views

CVE-2026-16014 code-projects Hospital Bed Management System Login Form sql injection

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45167

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS7.1AI score
Exploits0References6
Nuclei
Nuclei
added yesterday167 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS8.3AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday29 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS3.8AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday86 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.7AI score0.14759EPSS
Exploits2
Nuclei
Nuclei
added yesterday55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS7AI score0.017EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added yesterday12 views

PT-2026-60740

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS5.3AI score
Exploits0References7
Nuclei
Nuclei
added 2 days ago81 views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

10CVSS7.2AI score0.68293EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-15697

A flaw was found in svgdotjs svg.js. A remote attacker could exploit a vulnerability in the EventTarget.on function, which improperly controls modifications to object prototype attributes. This could allow an attacker to manipulate object properties, potentially leading to unintended behavior or...

6.5CVSS6.6AI score0.0033EPSS
Exploits0References9
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-44837

A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=logfwnbcmailjsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 2 days ago10 views

CVE-2026-15907

A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=logfwnbcmailjsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-15909

Summary: CVE-2026-15909 affects RafyMrX TOKO-ONLINE-ROTI (up to a given commit). The vulnerability resides in an unknown function within the file lingkungan_proses/add.php? actually proses/add.php, where manipulation of the kd_cs argument leads to an authorization bypass. The issue can be exploit...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score0.00227EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 3 days ago4 views

The vulnerability of the Appliance Work Place microprogramming software for SonicWall SMA 1000 network devices allows a perpetrator to execute an SRF attack.

The vulnerability of the Appliance Work Place microprogramming software for SonicWall’s SMA 1000 series network interface controllers is related to insufficient checking of requests on the server side. Exploiting this vulnerability can allow a remote attacker to execute an SSRF attack...

10CVSS7.2AI score0.01266EPSS
Exploits4References5Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-15750 mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

5.3CVSS6.3AI score0.00227EPSS
Exploits0References8
CVE
CVE
added 4 days ago11 views

CVE-2026-15777

CVE-2026-15777 – Use-after-free in the Chrome UI on Linux prior to 150.0.7871.125 can allow a remote attacker to induce heap corruption by tricking a user into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome (Linux UI subsystem). Root cause: use-after-free ...

7.5CVSS6.1AI score0.0026EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago9 views

CVE-2026-15773

CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...

9.6CVSS6.2AI score0.00251EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder