Lucene search
+L

1768 matches found

NVD
NVD
added 2026/05/01 5:16 a.m.7 views

CVE-2026-7553

A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...

5.8CVSS0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/29 4:45 p.m.6 views

EUVD-2026-26264

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/29 5:23 a.m.6 views

Cross-site Scripting (XSS)

Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 11:16 p.m.12 views

CVE-2026-7194

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.41 views

CVE-2021-36438

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 11:30 p.m.41 views

CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3CVSS0.00257EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.9 views

EUVD-2026-24748

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34335

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them ...

9.6CVSS5.8AI score0.00287EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/21 7:16 p.m.8 views

CVE-2026-22751

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS5.8AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

RansomLook 信息泄露漏洞

RansomLook is an open-source ransomware group and market monitoring tool developed by RansomLook. Versions of RansomLook prior to 1.9.0 contained an information leakage vulnerability. This vulnerability stemmed from improper filtering of private location entries in the API within the affected...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 4:16 p.m.9 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

9.1CVSS0.01008EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 3:30 p.m.6 views

EUVD-2026-22271

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manageappointment.php...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 3:16 p.m.6 views

CVE-2026-37595

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/manageemployee.php...

2.7CVSS0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32636

CVE-2026-37595 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/manage employee.php. https://t.co/mf3uV1c2ec...

2.7CVSS5.8AI score0.00186EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 6:10 p.m.4 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

7.2CVSS6AI score0.00161EPSS
Exploits1References2
NVD
NVD
added 2026/04/13 5:16 a.m.3 views

CVE-2026-34864

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability...

6.8CVSS0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20217

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.9AI score0.0024EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/07 12:0 a.m.4 views

Endian Firewall NAME Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall NAME parameter, which originates from improperly cleaning up the input of the NAME parameter in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...

6.4CVSS4.9AI score0.00168EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:0 a.m.5 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

5.9AI score0.00577EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.5 views

CVE-2026-34728

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...

8.7CVSS5.8AI score0.00693EPSS
Exploits1References1
Rows per page
Query Builder