
3196 matches found

NVD
added yesterday, 5 views

CVE-2026-34104

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8 CVSS
Exploits: 0, References: 2
NVD
added yesterday, 4 views

CVE-2026-34096

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8 CVSS
Exploits: 0, References: 2
Cvelist
added yesterday, 24 views

CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8 CVSS
Exploits: 0, References: 2
CVE
added yesterday, 7 views

CVE-2026-34104

The CVE-2026-34104 entry describes an unauthenticated SQL injection in Guardian Language-System via the name parameter in designer.php. The flaw arises because the GET parameter name is directly inserted into an unsanitized SQL query (SELECT * FROM complex WHERE name='".$_GET['name']."'), allowin...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
Cvelist
added yesterday, 23 views

CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8 CVSS
Exploits: 0, References: 2
ATTACKERKB
added yesterday, 3 views

CVE-2026-34096

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 3
CVE
added yesterday, 6 views

CVE-2026-34096

Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
added yesterday, 7 views

CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'name' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS
Exploits: 0, References: 14
CVE
added yesterday, 11 views

CVE-2026-12142

CVE-2026-12142 affects the NEX-Forms – Ultimate Forms Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the internal parameter named '_name[]', present in all versions up to and including 9.2.2. Root cause: insufficient input sanitization and output escaping, co...

7.2 CVSS, 5.9 AI score
Exploits: 0, References: 14
ATTACKERKB
added yesterday, 6 views

CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'name' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS, 5.9 AI score
Exploits: 0, References: 15
NVD
added 3 days ago, 8 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible...

5.1 CVSS, 0.00191 EPSS
Exploits: 0, References: 5
CVE
added 3 days ago, 14 views

CVE-2026-13570

The CVE-2026-13570 entry concerns SourceCodester Inventory Management System 1.0 and affects the User Registration Endpoint, specifically the /api/users_handler.php function where manipulating the full_name parameter leads to cross-site scripting. The vulnerability is exploitable remotely, with p...

5.1 CVSS, 4.4 AI score, 0.00191 EPSS
Exploits: 0, References: 5
NVD
added 3 days ago, 7 views

CVE-2026-13555

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...

7.5 CVSS, 0.00412 EPSS
Exploits: 0, References: 6
EUVD
added 3 days ago, 5 views

EUVD-2026-40059

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3 CVSS, 4.4 AI score, 0.00443 EPSS
Exploits: 0, References: 6
Cvelist
added 3 days ago, 32 views

CVE-2026-13555 itsourcecode Online Hotel Management System controller.php add sql injection

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...

7.5 CVSS, 0.00412 EPSS
Exploits: 0, References: 6
NVD
added 2026/06/25 2:16 p.m., 7 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7 CVSS, 0.00216 EPSS
Exploits: 0, References: 1
EUVD
added 2026/06/25 1:12 p.m., 3 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7 CVSS, 5.8 AI score, 0.00216 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/25 1:12 p.m., 27 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

0.00216 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/22 4:16 p.m., 9 views

CVE-2026-41046

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3 CVSS, 0.00159 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/06/22 3:20 p.m., 31 views

CVE-2026-41046 path traversal via `config` parameter in qSnapper

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3 CVSS, 0.00159 EPSS
Exploits: 0, References: 3