CVE-2026-6142 tushar-2223 Hotel Management System roomdelete.php sql injection

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of th...

CVE-2026-6142

creationtimestamp| type| source ---|---|--- 2026-04-12 16:16:36+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-6142 2026-04-13 02:58:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjdunould22r 2026-04-13 03:16:54+00:00|...

Debian: Security Advisory (DSA-6142-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-6142

A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVE-2025-6142

creationtimestamp| type| source ---|---|--- 2025-06-16 22:40:43+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18550 2025-06-16 23:29:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrr53xv3jc2p...

CVE-2025-6142

A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVE-2025-6142 Intera InHire server-side request forgery

A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been...

CVE-2025-6142

The CVE-2025-6142 entry relates to Intera InHire (up to 20250530). The vulnerability is a server-side request forgery caused by manipulation of the argument 29chcotoo9, allowing remote exploitation. Public exploit information exists, and the vendor has not responded to disclosure per the sources....

CVE-2020-6142

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-6142

Actiontec WCB6200Q uhtcprecvcontent Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specif...

CVE-2024-6142 Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q uhtcprecvcontent Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specif...

CVE-2023-6142

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...

CVE-2023-6142

Dev Blog v1.0 is affected by an XSS vulnerability triggered via an unrestricted file upload with poor filename entropy. An attacker can upload a malicious HTML file and then guess the filename to deliver it to a victim. Affected component: Dev Blog (Node.js/Express/MongoDB) v1.0; root cause: lack...

CVE-2023-6142 Dev Blog v1.0 - Stored XSS

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

Mageia: Security Advisory (MGASA-2018-0268)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-6142

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2020-6142

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2020-6142

OS4Ed openSIS 7.3 is affected by CVE-2020-6142 through a local file inclusion in the Modules.php functionality. A vulnerability in the modname parameter allows an attacker to include arbitrary files via directory traversal and potentially execute remote PHP code. The weakness is exploitable via c...

CVE-2019-6142

It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue...