4936659 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Joomlic Icagenda
No d...
Exploit for Unrestricted Upload of File with Dangerous Type in Templaza Astroid_Framework
No d...
APEX_FRAMEWORK
ApexFramework A high-performance Ruby-based framework for sec...
CVE-2026-16154
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editroom1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The...
CVE-2026-57857
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
CVE-2026-16155
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-12228
A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...
CVE-2026-16152
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /editrooma.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...
CVE-2026-16194 zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/webfetch/webfetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has...
CVE-2026-16194 zhayujie CowAgent web_fetch.py WebFetch.execute server-side request forgery
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/webfetch/webfetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has...
Exploit for CVE-2026-63030
CVE-2026-63030 The WordPress REST API batch routing confusi...
Exploit for CVE-2026-60137
wp2shell - WordPress RCE PoC CVE-2026-63030 + CVE-2026-60137...
Exploit for CVE-2026-60137
wp2shell-detect Blackbox, non-intrusive detector for wp...
CVE-2026-16156 SourceCodester Class and Exam Timetabling System forexam.php cross site scripting
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to...
CVE-2026-16156 SourceCodester Class and Exam Timetabling System forexam.php cross site scripting
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to...
Exploit for CVE-2026-63030
No d...
CVE-2026-16155
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-16155 SourceCodester Class and Exam Timetabling System schoolyr.php cross site scripting
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
CVE-2026-12228
A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...
CVE-2026-12228 Stored XSS in Direct Messages via Prompt Sharing in parisneo/lollms
A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...