Lucene search
K

2085 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 1:26 a.m.8 views

CVE-2026-7493

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 1:26 a.m.12 views

EUVD-2026-32036

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 1:26 a.m.36 views

CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43478

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 资源管理错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 10:16 p.m.20 views

CVE-2026-9603

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS0.00325EPSS
Exploits0References6
CVE
CVE
added 2026/05/26 10:0 p.m.17 views

CVE-2026-9603

CVE-2026-9603 affects SourceCodester eDoc Doctor Appointment System 1.0. The vulnerability is due to manipulation of the ID parameter in /admin/delete-session.php, leading to missing authorization and enabling remote exploitation. Public PoC/exploit details are referenced. Vulnerability details r...

6.9CVSS6.3AI score0.00325EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/26 10:0 p.m.14 views

EUVD-2026-32018

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS6.3AI score0.00325EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/26 10:0 p.m.34 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS0.00325EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/26 10:0 p.m.14 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS6.3AI score0.00325EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

SourceCodester eDoc Doctor Appointment System 安全漏洞

SourceCodester eDoc Doctor Appointment System is an open-source appointment system for doctors developed by SourceCodester. Version 1.0 of the SourceCodester eDoc Doctor Appointment System contains a security vulnerability. This vulnerability stems from incorrect parameter handling in the...

6.9CVSS6.6AI score0.00325EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.10 views

PT-2026-43427

Name of the Vulnerable Software and Affected Versions SourceCodester eDoc Doctor Appointment System version 1.0 Description An issue exists in the '/admin/delete-session.php' endpoint where manipulation of the ID argument leads to missing authorization. This allows for remote exploitation of the...

6.9CVSS6.5AI score0.00325EPSS
Exploits0References8
NVD
NVD
added 2026/05/18 4:16 a.m.31 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/05/18 2:45 a.m.17 views

CVE-2026-8785

Affected product: projectworlds hospital-management-system-in-php 1.0. The vulnerability is in the GET Parameter Handler, specifically the getAllPatientDetail function in update_info.php. The issue arises from manipulating the appointment_no argument, enabling SQL injection. It can be exploited r...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/18 2:45 a.m.10 views

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/18 2:45 a.m.48 views

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/18 2:45 a.m.11 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.10 views

PT-2026-41633

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment no can lead to sql injection. T...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Projectworlds Hospital Management System 注入漏洞

Projectworlds Hospital Management System is a hospital management system developed by the Austrian company Projectworlds. Version 1.0 of the Projectworlds Hospital Management System has a SQL injection vulnerability. This vulnerability arises from the function getAllPatientDetail in the GET...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 9:16 a.m.34 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS0.00228EPSS
Exploits0References4
Rows per page
Query Builder