CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/08 4:0 p.m.•34 views

CVE-2026-11531 imvks786 student_management_system Administrator Login Endpoint admin_login.php sql injection

7.5CVSS0.00328EPSS

EUVD•added 2026/06/08 4:0 p.m.•6 views

EUVD-2026-35125

CVE•added 2026/06/08 4:0 p.m.•14 views

CVE-2026-11531

The CVE concerns the imvks786 student_management_system (up to commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46) where the admin_login.php endpoint (Administrator Login) is affected. The vulnerability arises from manipulating the arguments a_usr and a_pwd, enabling SQL injection through improperly...

ATTACKERKB•added 2026/06/08 4:0 p.m.•5 views

CVE-2026-11531

Nuclei•added 2026/06/08 5:28 a.m.•13 views

PrestaShop - Information Disclosure

User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote attackers to obtain administrators user email addresses via manipulation of the idemployee and resettoken parameters. An attacker who has access to the Back Office login URL can trigger the...

3.7CVSS5.3AI score0.00755EPSS

Exploits1References3

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47335

A security flaw has been discovered in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a usr/a pwd results...

RedhatCVE•added 2026/06/06 12:44 a.m.•11 views

Exploits0References7

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

7.5CVSS6.9AI score0.00328EPSS

RedhatCVE•added 2026/06/05 7:39 p.m.•7 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.1AI score0.00254EPSS

RedhatCVE•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

7.5CVSS7AI score0.00496EPSS

RedhatCVE•added 2026/06/05 7:24 p.m.•8 views

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00254EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•8 views

CVE-2026-35090

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.6AI score0.00625EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•8 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS5.5AI score0.00662EPSS

RedhatCVE•added 2026/06/05 6:49 p.m.•6 views

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

7.3CVSS5.7AI score0.0081EPSS

Exploits3References1

Cvelist•added 2026/06/05 6:31 p.m.•28 views

CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS0.00335EPSS

Exploits1References2

EUVD•added 2026/06/05 12:31 a.m.•8 views

EUVD-2026-34773

7.5CVSS6.8AI score0.00328EPSS

Exploits0References7

NVD•added 2026/06/05 12:16 a.m.•5 views

CVE-2026-10877

7.5CVSS0.00328EPSS

CNNVD•added 2026/06/05 12:0 a.m.•6 views

SourceCodester Ship Ferry Ticket Reservation SQL注入漏洞

SourceCodester Ship Ferry Ticket Reservation is an open-source ticket reservation service developed by SourceCodester. Versions of SourceCodester Ship Ferry Ticket Reservation prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Username...

7.5CVSS7.5AI score0.00328EPSS