CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•9 views

CVE-2026-11475

The CVE-2026-11475 affects Kushan2k student-management-system. Affects the function getStatus in controllers/GradeController.php of the Certificate Verification Endpoint. The underlying issue is that manipulating the nic argument can cause an SQL injection, enabling remote exploitation. Public ex...

6.5CVSS6.4AI score0.0002EPSS

Cvelist•added 5 days ago•37 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS0.00033EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

6.5CVSS5.4AI score0.00033EPSS

CVE•added 5 days ago•17 views

CVE-2026-11473

The CVE concerns jflyfox jfinal_cms (versions up to 5.1.0). The vulnerability is in AdvicefeedbackController.java list functionality, where improper handling of the orderBy argument enables SQL injection. This can be exploited remotely. The issue was reported early via an issue and no public resp...

ATTACKERKB•added 5 days ago•5 views

CVE-2026-11473

Exploits0References7Affected Software1

EUVD•added 5 days ago•10 views

EUVD-2026-35004

Cvelist•added 5 days ago•39 views

CVE-2026-11472 SourceCodester Class and Exam Timetabling System index1.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

7.5CVSS0.00033EPSS

CVE•added 5 days ago•23 views

CVE-2026-11472

The CVE-2026-11472 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in the /index1.php file triggered by manipulating the Password parameter. It is remotely exploitable and the exploit has been publicly disclosed (PoC activity indicated). No spec...

EUVD•added 5 days ago•8 views

EUVD-2026-35002

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

ATTACKERKB•added 5 days ago•5 views

CVE-2026-11471

Exploits0References6Affected Software1

Vulnrichment•added 5 days ago•5 views

CVE-2026-11471 SourceCodester Class and Exam Timetabling System index2.php sql injection

Positive Technologies•added 5 days ago•7 views

PT-2026-47335

A security flaw has been discovered in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a usr/a pwd results...

7.5CVSS5.3AI score0.00033EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-47281

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

Tenable Nessus•added 5 days ago•6 views

TencentOS Server 4: php (TSSA-2026:0342)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0342 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS5.7AI score0.00076EPSS

Exploits0References2

Packet Storm•added 5 days ago•32 views

📄 Computer Laboratory Management System 1.0 SQL Injection

A remote SQL Injection vulnerability exists in Computer Laboratory Management System Using PHP and MySQL LMS version 1.0. The application fails to properly validate and sanitize user-supplied input provided through the id parameter, allowing an authenticated attacker to manipulate backend SQL...

5.8AI score

Exploits0

Positive Technologies•added 5 days ago•6 views

PT-2026-47242

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.2AI score0.00041EPSS

Positive Technologies•added 5 days ago•9 views

PT-2026-47205

A vulnerability was identified in jflyfox jfinal cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through ...

Positive Technologies•added 5 days ago•6 views

PT-2026-47707

CVE-2024-56120 - Cisco Unified Communications Manager SQL Injection CVE ID :CVE-2024-56120 Published : June 8, 2026, 10:16 a.m. | 44 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more...

5.5AI score

Exploits0References1

Positive Technologies•added 5 days ago•10 views

PT-2026-47203