Lucene search
K

6585 matches found

Nuclei
Nuclei
added 19 hours ago16 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.9AI score0.01231EPSS
Exploits3References2
EUVD
EUVD
added 21 hours ago5 views

EUVD-2026-41785

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS6.8AI score
Exploits0References7
CVE
CVE
added yesterday8 views

CVE-2026-14772

CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...

7.5CVSS6.8AI score
Exploits0References6
Cvelist
Cvelist
added yesterday29 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-14770

The CVE-2026-14770 entry affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in the /edit_room.php script caused by manipulating the ID parameter, allowing remote initiation of an attack. This is supported by multiple connected sources that describe...

7.5CVSS6.9AI score
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-41750

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

7.5CVSS5.9AI score
Exploits0References6
CVE
CVE
added yesterday12 views

CVE-2026-14734

SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection flaw in the edit_product.php file (vulnerable function handling ID). The vulnerability arises from manipulating the ID parameter, enabling remote exploitation. Exploitation details are published (in-the-wild PoC), with ...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-14733

CVE-2026-14733 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability involves manipulation of the ID parameter in /edit_coursea.php leading to SQL injection. It is exploitable remotely and the exploit is public. CVSS metrics indicate high impact with network access, low ...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2 days ago5 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-14654

CVE-2026-14654 concerns an SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0. The flaw affects an unknown function in the file /admin/girlsproductdeletequery.php where manipulating the user_id argument enables injection. The vulnerability can be exploited remotely and the e...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-12657

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.2 via the 'serviceid' parameter due to missing validation on a user controlled key. This makes it possible for...

5.3CVSS0.00381EPSS
Exploits0References12
NVD
NVD
added 5 days ago5 views

CVE-2026-34110

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-34111

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-34098

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-34100

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-34117 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text_to_subtitles.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in texttosubtitles.php line 19 without sanitization: exec"php jobs/texttosubtitles.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-34117

Guardian Language-System is affected by CVE-2026-34117 due to a vulnerability in text_to_subtitles.php where the id GET parameter is passed directly into PHP exec() without sanitization. This allows an unauthenticated, remote attacker to append shell metacharacters and execute arbitrary OS comman...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Rows per page
Query Builder