Lucene search
+L

2096 matches found

Cvelist
Cvelist
added 2026/05/26 10:0 p.m.36 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS0.00325EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43427

Name of the Vulnerable Software and Affected Versions SourceCodester eDoc Doctor Appointment System version 1.0 Description An issue exists in the '/admin/delete-session.php' endpoint where manipulation of the ID argument leads to missing authorization. This allows for remote exploitation of the...

6.9CVSS6.5AI score0.00325EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.15 views

SourceCodester eDoc Doctor Appointment System 安全漏洞

SourceCodester eDoc Doctor Appointment System is an open-source appointment system for doctors developed by SourceCodester. Version 1.0 of the SourceCodester eDoc Doctor Appointment System contains a security vulnerability. This vulnerability stems from incorrect parameter handling in the...

6.9CVSS6.6AI score0.00325EPSS
Exploits0References6
NVD
NVD
added 2026/05/18 4:16 a.m.31 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/18 2:45 a.m.10 views

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/05/18 2:45 a.m.17 views

CVE-2026-8785

Affected product: projectworlds hospital-management-system-in-php 1.0. The vulnerability is in the GET Parameter Handler, specifically the getAllPatientDetail function in update_info.php. The issue arises from manipulating the appointment_no argument, enabling SQL injection. It can be exploited r...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/18 2:45 a.m.11 views

CVE-2026-8785

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/18 2:45 a.m.50 views

CVE-2026-8785 projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file updateinfo.php of the component GET Parameter Handler. Executing a manipulation of the argument appointmentno can lead to sql injection. The...

7.5CVSS0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.10 views

PT-2026-41633

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment no can lead to sql injection. T...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Projectworlds Hospital Management System 注入漏洞

Projectworlds Hospital Management System is a hospital management system developed by the Austrian company Projectworlds. Version 1.0 of the Projectworlds Hospital Management System has a SQL injection vulnerability. This vulnerability arises from the function getAllPatientDetail in the GET...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 9:16 a.m.34 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.6 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.39 views

CVE-2026-5693 Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Smart Appointment & Booking 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS6AI score0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/11 7:3 p.m.10 views

WordPress Smart Appointment & Booking plugin <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Smart Appointment & Booking versions = 1.0.8...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/08 3:31 p.m.13 views

EUVD-2026-28644

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS5.9AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 3:16 p.m.16 views

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 12:0 a.m.16 views

CVE-2026-37431

Affected product: Beauty Parlour Management System v1.1. Vulnerability: SQL injection via the aptnumber parameter in the /appointment-detail.php endpoint. Impact (as stated): Attacker can access sensitive database information by crafting SQL statements; high confidentiality, integrity, and availa...

9.8CVSS5.9AI score0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.16 views

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder