Lucene search
K

246 matches found

CVE
CVE
added 2026/03/03 9:32 p.m.17 views

CVE-2026-3487

The CVE-2026-3487 entry concerns itsourcecode College Management System 1.0. A SQL injection flaw affects the handling of /admin/class-result.php, where manipulating the course_code argument enables remote, unauthenticated exploitation. The vulnerability is publicly exploited or publicly disclose...

7.2CVSS5.8AI score0.00351EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.9 views

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

7.2CVSS5.8AI score0.00351EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/28 7:25 a.m.4 views

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS6AI score0.00461EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/28 12:0 a.m.9 views

PT-2026-22465

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.7 Description The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized,...

7.5CVSS6AI score0.00461EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.9 views

CVE-2026-3149

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument coursecode can lead to sql injection. The attack can be executed...

8.8CVSS5.4AI score0.0028EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

8.8CVSS6.6AI score0.0028EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 p.m.6 views

CVE-2025-41002

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS5.8AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/23 9:30 a.m.22 views

CVE-2025-41002 SQL injection in Infoticketing

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/23 9:30 a.m.3 views

CVE-2025-41002 SQL injection in Infoticketing

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS5.8AI score0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/23 9:30 a.m.2 views

CVE-2025-41002

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS5.8AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2026/02/23 9:30 a.m.16 views

CVE-2025-41002

CVE-2025-41002 is a SQL injection vulnerability in Infoticketing. An unauthenticated attacker can abuse a POST request to the path /components/cart/cartApplyDiscount.php using the 'code' parameter to retrieve, create, update, and delete data in the database. The CVSS metrics indicate a critical s...

9.3CVSS5.8AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.6 views

PT-2026-21508

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS5.8AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.8 views

MANANTIAL DE IDEAS Infoticketing SQL注入漏洞

MANANTIAL DE IDEAS Infoticketing is a one-stop ticketing system provided by the Spanish company MANANTIAL DE IDEAS. MANANTIAL DE IDEAS Infoticketing has a SQL injection vulnerability, which stems from improper handling of the code parameter in the components/cart/cartApplyDiscount.php file. This...

9.3CVSS5.9AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.10 views

CVE-2025-12448

The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.5 views

CVE-2025-12448

The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00266EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.30 views

CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00266EPSS
Exploits0References6
CVE
CVE
added 2026/02/19 3:25 a.m.19 views

CVE-2025-12448

Smartsupp – live chat, AI shopping assistant and chatbots for WordPress (plugin) is vulnerable up to version 3.9.1 to a Stored Cross-Site Scripting via the 'code' parameter due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with Subscriber...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.4 views

CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20582

Name of the Vulnerable Software and Affected Versions Smartsupp – live chat, AI shopping assistant and chatbots versions prior to 3.9.2 Description The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...

6.4CVSS5.4AI score0.00266EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.12 views

CVE-2026-1912

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References1
Rows per page
Query Builder