3798 matches found

CVE
added 5 days ago | 10 views

CVE-2026-10256

The CVE-2026-10256 entry affects itsourcecode Content Management System 1.0, with the vulnerability located in /save_comment.php. The issue arises from manipulating the Name parameter to cause SQL injection, enabling remote exploitation. Public exploit code is available. Across CVSS metrics, the ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00033
Exploits 0 | References 6

Vulnrichment
added 5 days ago | 7 views

CVE-2026-10256 itsourcecode Content Management System save_comment.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVSS 6.5 | AI score 6.5 | EPSS 0.00033
Exploits 0 | References 6

Cvelist
added 5 days ago | 25 views

CVE-2026-10256 itsourcecode Content Management System save_comment.php sql injection

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save_comment.php. The manipulation of the argument Name leads to SQL injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVSS 6.5 | EPSS 0.00033
Exploits 0 | References 6

Positive Technologies
added 5 days ago | 11 views

PT-2026-45638

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add review/save review/get all reviews of the file review app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local...

CVSS 4.8 | AI score 5.5 | EPSS 0.00013
Exploits 0 | References 7

CNNVD
added 5 days ago | 6 views

Project Management Authorization Vulnerabilities

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

CVSS 5.5 | AI score 6.1 | EPSS 0.00043
Exploits 0 | References 6

CNNVD
added 5 days ago | 6 views

SourceCodester Customer Review App security vulnerabilities

SourceCodester Customer Review App is an open-source customer review application developed by SourceCodester. Version 1.0 of the SourceCodester Customer Review App contains a security vulnerability. This vulnerability stems from incorrect handling of parameters name and comment in the functions...

CVSS 4.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 6

RedhatCVE
added 2026/05/28 8:13 p.m. | 9 views

CVE-2026-46367

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving...

CVSS 8.3 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 1

RedhatCVE
added 2026/05/28 2:16 p.m. | 7 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 1

ATTACKERKB
added 2026/05/28 7:43 a.m. | 9 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 4.3 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 11

Positive Technologies
added 2026/05/28 12:0 a.m. | 5 views

PT-2026-44220

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

CVSS 4.3 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 11

RedhatCVE
added 2026/05/27 8:13 p.m. | 7 views

CVE-2026-46620

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 1

NVD
added 2026/05/26 9:16 p.m. | 12 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | EPSS 0.00048
Exploits 0 | References 7

ATTACKERKB
added 2026/05/26 8:30 p.m. | 6 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 7

Vulnrichment
added 2026/05/26 8:30 p.m. | 7 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 7

CVE
added 2026/05/26 8:30 p.m. | 11 views

CVE-2026-9581

JeecgBoot

CVSS 6.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 7

Cvelist
added 2026/05/26 8:30 p.m. | 26 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | EPSS 0.00048
Exploits 0 | References 7

EUVD
added 2026/05/26 8:30 p.m. | 7 views

EUVD-2026-31990

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 7

NVD
added 2026/05/26 4:16 p.m. | 10 views

CVE-2026-46620

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5 | EPSS 0.00016
Exploits 0 | References 1

NVD
added 2026/05/26 4:16 p.m. | 11 views

CVE-2026-43934

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5 | EPSS 0.00029
Exploits 0 | References 2

ATTACKERKB
added 2026/05/26 3:4 p.m. | 5 views

CVE-2026-46620

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2 | Affected Software 1