139 matches found

NVD
added 2026/06/05 6:17 p.m., 9 views

CVE-2026-11342

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

CVSS 7.5, EPSS 0.00263
Exploits 0, References 6

CNNVD
added 2026/05/02 12:0 a.m., 8 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.2, AI score 5.8, EPSS 0.00232
Exploits 0, References 1

CNNVD
added 2026/04/13 12:0 a.m., 8 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open-sourced by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

CVSS 2.7, AI score 5.9, EPSS 0.00284
Exploits 1, References 1

Vulnrichment
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-36937

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/viewdetails.php...

AI score 5.9, EPSS 0.00186
Exploits 0, References 1

CNNVD
added 2026/04/13 12:0 a.m., 7 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open-sourced by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

CVSS 2.7, AI score 5.9, EPSS 0.0019
Exploits 0, References 1

CVE
added 2026/04/13 12:0 a.m., 9 views

CVE-2026-36937

Product/affected software: Sourcecodester Online Resort Management System v1.0. Vulnerability: SQL injection in the admin reservations details page path /orms/admin/reservations/view_details.php. Root cause (as stated): Unsafely constructed SQL in the PHP file. Impact/risks: Documented as a SQL i...

CVSS 2.7, AI score 5.9, EPSS 0.00186
Exploits 0, References 1

CNNVD
added 2026/04/06 12:0 a.m., 7 views

PHPGurukul Online Shopping Portal Project SQL injection vulnerability

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “orderid”...

CVSS 6.5, AI score 6.7, EPSS 0.00255
Exploits 0, References 5

CNNVD
added 2026/03/27 12:0 a.m., 10 views

LinkAce authorization issue vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had an authorization vulnerability. This vulnerability stemmed from the lack of equivalent visibility filtering when rendering notes on the web...

CVSS 6.5, AI score 5.8, EPSS 0.00318
Exploits 1, References 2

Positive Technologies
added 2026/03/24 12:0 a.m., 4 views

PT-2026-27370

Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news details.php, jobs details.php, or job cmp details.php with malicious...

CVSS 8.8, AI score 5.9, EPSS 0.00327
Exploits 1, References 4

EUVD
added 2026/03/11 12:31 p.m., 6 views

EUVD-2026-11131

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...

CVSS 7.2, AI score 5.9, EPSS 0.00321
Exploits 0, References 6

CVE
added 2026/02/22 1:34 p.m., 13 views

CVE-2019-25440

CVE-2019-25440 — WebIncorp ERP suffers an unauthenticated SQL injection via the prod_id parameter in product_detail.php, enabling attackers to manipulate queries and potentially extract sensitive data. The vulnerability is triggered by GET requests with malicious prod_id values. Public references...

CVSS 8.8, AI score 5.9, EPSS 0.00232
Exploits 0, References 2

Positive Technologies
added 2026/02/12 12:0 a.m., 7 views

PT-2026-7858

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

AI score 5.5, EPSS 0.00193
Exploits 0, References 4

ATTACKERKB
added 2026/02/12 12:0 a.m., 4 views

CVE-2025-69752

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

AI score 5.5, EPSS 0.00193
Exploits 0, References 4

Vulnrichment
added 2026/02/12 12:0 a.m., 3 views

CVE-2025-69752

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

AI score 5.5, EPSS 0.00193
Exploits 0, References 3

CVE
added 2026/02/12 12:0 a.m., 9 views

CVE-2025-69752

CVE-2025-69752 describes an access control issue in Ideagen Q-Pulse 7.1.0.32, where an authenticated user can view other users’ profile information by tampering with the objectKey parameter in the My Details page URL. The affected component is the My Details user profile functionality; the underl...

CVSS 4.3, AI score 5.5, EPSS 0.00193
Exploits 0, References 3

CNNVD
added 2026/02/12 12:0 a.m., 8 views

Ideagen Q-Pulse security vulnerability

Ideagen Q-Pulse is a quality compliance management software developed by the British company Ideagen. Version 7.1.0.32 of Ideagen Q-Pulse contains a security vulnerability. This vulnerability stems from a flaw in the My Details page’s functionality, which may allow authenticated users to access...

CVSS 4.3, AI score 5.8, EPSS 0.00193
Exploits 0, References 4

Cvelist
added 2026/02/12 12:0 a.m., 26 views

CVE-2025-69752

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

EPSS 0.00193
Exploits 0, References 3

NVD
added 2026/02/06 5:16 p.m., 6 views

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is...

CVSS 9.8, EPSS 0.00468
Exploits 3, References 5

EUVD
added 2026/02/06 4:32 p.m., 11 views

EUVD-2026-5657

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is...

CVSS 7.5, AI score 6.9, EPSS 0.00468
Exploits 3, References 5

OSV
added 2025/12/17 11:15 p.m., 4 views

CVE-2023-53920

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface podcastdetails.php. Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page...

CVSS 5.4, AI score 6.2
Exploits 0, References 3