Lucene search
K

1760 matches found

CVE
CVE
added 2026/05/09 10:15 a.m.16 views

CVE-2026-8185

The CVE primarily affects UGREEN CM933 1.1.59.4319, where an unknown function in the Administrative Interface allows missing authentication. This vulnerability requires local-network proximity (attack vector Adjacent) and exposes confidentiality, integrity, and availability at Low impact per the ...

6.3CVSS6.3AI score0.0032EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 8:20 p.m.6 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the deletion of form submissions. A user can remove other users' form submissions without proper...

6.9CVSS5.8AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 3:30 a.m.41 views

CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

7.5CVSS0.00272EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/07 9:30 p.m.11 views

EUVD-2026-28444

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/06 8:57 p.m.11 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/06 8:12 p.m.6 views

Missing Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the delete process. An attacker can remove tags and disrupt FAQ organization by sending crafted DELETE requests to the admin AP...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:11 p.m.11 views

Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...

6.1CVSS5.7AI score0.00313EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.3 views

CVE-2026-5110

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS6AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.7 views

PT-2026-36102

Name of the Vulnerable Software and Affected Versions Dbit N300 T1 Pro wireless router version 1.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict...

8.8CVSS5.8AI score0.00163EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26386

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.4AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/29 9:0 p.m.4 views

CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

5.8CVSS5AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-36013

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...

5.8CVSS5.1AI score0.00253EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 10:45 a.m.16 views

CVE-2026-7266

SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the admin/ajax.php?action=save_order function via the ID parameter. The vulnerability can be exploited remotely and publicly; exploitation is noted as PROOF-OF-CONCEPT. Impact is described as low for confidentiality, in...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35705

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/27 3:30 a.m.30 views

CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS0.00253EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 3:30 a.m.3 views

CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS4.9AI score0.00253EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

Code-Projects Chat System 跨站脚本漏洞

Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a cross-site scripting vulnerability. This vulnerability stems from improper handling of the parameter “msg” in the “Chat Interface” component’s...

4.8CVSS5.6AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 4:15 a.m.4 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.7AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 4:15 a.m.12 views

CVE-2026-40529

CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 4:15 a.m.30 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS0.00161EPSS
Exploits0References1
Rows per page
Query Builder