Lucene search
+L

4936659 matches found

GithubExploit
GithubExploit
added 7 minutes ago2 views

Exploit for Unrestricted Upload of File with Dangerous Type in Joomlic Icagenda

No d...

10CVSS0.01505EPSS
Exploits5
GithubExploit
GithubExploit
added 20 minutes ago1 views

Exploit for Unrestricted Upload of File with Dangerous Type in Templaza Astroid_Framework

No d...

10CVSS0.00471EPSS
Exploits2
GithubExploit
GithubExploit
added 34 minutes ago5 views

APEX_FRAMEWORK

ApexFramework A high-performance Ruby-based framework for sec...

Exploits0
NVD
NVD
added 52 minutes ago5 views

CVE-2026-16154

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editroom1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The...

7.5CVSS
Exploits0References6
NVD
NVD
added 52 minutes ago5 views

CVE-2026-57857

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...

5.1CVSS
Exploits0References2
NVD
NVD
added 52 minutes ago3 views

CVE-2026-16155

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

5.1CVSS
Exploits0References6
NVD
NVD
added 52 minutes ago5 views

CVE-2026-12228

A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...

8.7CVSS
Exploits0References1
NVD
NVD
added 52 minutes ago5 views

CVE-2026-16152

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /editrooma.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

7.5CVSS
Exploits0References6
CVE
CVE
added 54 minutes ago6 views

CVE-2026-16194 zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/webfetch/webfetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References9
Cvelist
Cvelist
added 54 minutes ago6 views

CVE-2026-16194 zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/webfetch/webfetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References9
GithubExploit
GithubExploit
added 56 minutes ago8 views

Exploit for CVE-2026-63030

CVE-2026-63030 The WordPress REST API batch routing confusi...

9.8CVSS
Exploits27
GithubExploit
GithubExploit
added 58 minutes ago6 views

Exploit for CVE-2026-60137

wp2shell - WordPress RCE PoC CVE-2026-63030 + CVE-2026-60137...

9.8CVSS
Exploits27
GithubExploit
GithubExploit
added 1 hour ago7 views

Exploit for CVE-2026-60137

wp2shell-detect Blackbox, non-intrusive detector for wp...

9.8CVSS
Exploits27
CVE
CVE
added 1 hour ago5 views

CVE-2026-16156 SourceCodester Class and Exam Timetabling System forexam.php cross site scripting

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to...

5.1CVSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-16156 SourceCodester Class and Exam Timetabling System forexam.php cross site scripting

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to...

5.1CVSS
Exploits0References6
GithubExploit
GithubExploit
added 1 hour ago11 views

Exploit for CVE-2026-63030

No d...

9.8CVSS
Exploits27
CVE
CVE
added 1 hour ago6 views

CVE-2026-16155

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

5.1CVSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago7 views

CVE-2026-16155 SourceCodester Class and Exam Timetabling System schoolyr.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

5.1CVSS
Exploits0References6
CVE
CVE
added 1 hour ago7 views

CVE-2026-12228

A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...

8.7CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago9 views

CVE-2026-12228 Stored XSS in Direct Messages via Prompt Sharing in parisneo/lollms

A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...

8.7CVSS
Exploits0References1
Rows per page
Query Builder