CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1110469 matches found

CVE-2026-11338

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS

Exploits0References6

NVD•added 1 hour ago•4 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS

Exploits0References6

OSV•added 2 hours ago•1 views

GHSA-HJ85-PH9Q-78JG NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

8.4CVSS5.8AI score

Exploits0References3

OSV•added 2 hours ago•1 views

GHSA-JF3G-4GWG-4H66 NocoDB: Stored Cross-Site Scripting via Row Comments

Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...

7.4CVSS5.5AI score

Exploits0References3

GithubExploit•added 2 hours ago•12 views

Exploit for CVE-2024-21182

CVE-2024-21182 - Oracle WebLogic Server Unauthenticated Stored...

7.5CVSS7.6AI score0.89649EPSS

Exploits2

CVE•added 2 hours ago•9 views

CVE-2026-11338

SourceCodester Ship Ferry Ticket Reservation System 1.0 contains a cross-site scripting vulnerability in the /admin/?page=user/manage_user handler, triggered by manipulating the Username parameter. The issue is exploitable remotely and has had exploits publicly disclosed. Affected component: the ...

4.8CVSS3.7AI score

Exploits0References6

EUVD•added 2 hours ago•3 views

EUVD-2026-34856

4.8CVSS3.8AI score

Exploits0References6

Cvelist•added 2 hours ago•7 views

CVE-2026-11338 SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

4.8CVSS

Exploits0References6

OSV•added 2 hours ago•0 views

GHSA-6XCX-7QMG-VJFQ NocoDB: Reflected Cross-Site Scripting via Password Reset Token

Summary The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

5.1CVSS

Exploits0References3

Cvelist•added 2 hours ago•5 views

CVE-2026-11337 tittuvarghese CollegeManagementSystem fetch.php cross site scripting

5.3CVSS

Exploits0References6

EUVD•added 2 hours ago•3 views

EUVD-2026-34851

5.3CVSS4AI score

Exploits0References6

CVE•added 2 hours ago•8 views

CVE-2026-11337

The CVE-2026-11337 entry concerns tittuvarghese CollegeManagementSystem and affects an unknown functionality in /dashboard_page/forms/fetch.php where manipulating the department_name argument triggers cross-site scripting. The description indicates remote exploitation and that an exploit has been...

5.3CVSS4AI score

Exploits0References6

NVD•added 3 hours ago•4 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

Exploits1References2

GithubExploit•added 4 hours ago•13 views

Exploit for CVE-2026-3300

CVE-2026-3300 - Everest Forms Pro Unauthenticated Stored Cross...

9.8CVSS6.5AI score0.00313EPSS

Exploits1

NVD•added 4 hours ago•2 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS

Exploits1References2

NVD•added 4 hours ago•2 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS

Exploits1References2

NVD•added 4 hours ago•3 views

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS

Exploits1References2

NVD•added 4 hours ago•5 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS

Exploits1References2

EUVD•added 5 hours ago•3 views

EUVD-2026-34834

6.1CVSS5.6AI score

Exploits1References2