1768 matches found
CVE-2026-7553
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...
EUVD-2026-26264
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...
Cross-site Scripting (XSS)
Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...
CVE-2026-7194
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2021-36438
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...
CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
EUVD-2026-24748
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
PT-2026-34335
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them ...
CVE-2026-22751
Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
RansomLook 信息泄露漏洞
RansomLook is an open-source ransomware group and market monitoring tool developed by RansomLook. Versions of RansomLook prior to 1.9.0 contained an information leakage vulnerability. This vulnerability stemmed from improper filtering of private location entries in the API within the affected...
CVE-2026-5426
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...
EUVD-2026-22271
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manageappointment.php...
CVE-2026-37595
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/manageemployee.php...
PT-2026-32636
CVE-2026-37595 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/manage employee.php. https://t.co/mf3uV1c2ec...
CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...
CVE-2026-34864
Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-20217
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...
Endian Firewall NAME Parameter Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...
CVE-2026-31272
MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...
CVE-2026-34728
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...