56329 matches found

Nuclei
added yesterday, 34 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1 CVSS, 3.7 AI score, 0.0097 EPSS
Exploits 2, References 3

EUVD
added 2 days ago, 6 views

EUVD-2025-31206

Open Babel has out-of-bounds read in PQS lowerit pre-buffer read...

5.5 CVSS, 5.7 AI score, 0.00189 EPSS
Exploits 1, References 8

Patchstack
added 3 days ago, 3 views

WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fitness Zone WordPress Theme versions <= 5.7...

7.1 CVSS, 5.8 AI score
Exploits 0, Affected Software 1

CVE
added 4 days ago, 13 views

CVE-2026-13588

The CVE concerns seladb PcapPlusPlus 25.05, specifically TLS Hello Handler’s pcpp::SSLClientHelloMessage::getHandshakeVersion in Packet++/src/SSLHandshake.cpp. Manipulating handshakeVersion may cause a heap-based buffer overflow, with remote execution possible. Exploitation is described as high c...

6.3 CVSS, 6.1 AI score, 0.0038 EPSS
Exploits 0, References 9

EUVD
added 4 days ago, 7 views

EUVD-2026-40118

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8 CVSS, 5.8 AI score, 0.00124 EPSS
Exploits 0, References 7

ATTACKERKB
added 4 days ago, 6 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8 CVSS, 5.6 AI score, 0.0021 EPSS
Exploits 0, References 7, Affected Software 1

CVE
added 4 days ago, 10 views

CVE-2026-13560

Summary: CVE-2026-13560 affects Edimax EW-7478APC (firmware 1.04). The vulnerable component is the POST Request Handler’s /goform/formAccept function, where manipulating the argument submit-url enables an OS command injection. The attack is remote and the exploit has been disclosed publicly. Th...

6.5 CVSS, 6.3 AI score, 0.01158 EPSS
Exploits 0, References 5

CVE
added 4 days ago, 12 views

CVE-2026-13542

The CVE-2026-13542 entry concerns itsourcecode Hospital Management System 1.0. Affected is an unknown function in the file /doctorprofile.php where manipulation of the doctorname parameter enables SQL injection. The vulnerability can be triggered remotely, with public exploit disclosure reported ...

6.5 CVSS, 6.5 AI score, 0.002 EPSS
Exploits 0, References 6

Cvelist
added 4 days ago, 32 views

CVE-2026-13542 itsourcecode Hospital Management System doctorprofile.php sql injection

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5 CVSS, 0.002 EPSS
Exploits 0, References 6

NVD
added 4 days ago, 8 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3 CVSS, 0.00264 EPSS
Exploits 0, References 7

ATTACKERKB
added 4 days ago, 7 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3 CVSS, 5.7 AI score, 0.00264 EPSS
Exploits 0, References 7, Affected Software 1

EUVD
added 4 days ago, 8 views

EUVD-2026-40012

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclos...

9 CVSS, 8 AI score, 0.00476 EPSS
Exploits 0, References 7

EUVD
added 4 days ago, 7 views

EUVD-2026-40015

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the publ...

9 CVSS, 7.6 AI score, 0.00466 EPSS
Exploits 0, References 6

EUVD
added 5 days ago, 8 views

EUVD-2026-39995

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5 CVSS, 6.5 AI score, 0.00204 EPSS
Exploits 0, References 6

Cvelist
added 5 days ago, 30 views

CVE-2026-13497 itsourcecode Hospital Management System appointment.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

6.5 CVSS, 0.00204 EPSS
Exploits 0, References 6

CVE
added 5 days ago, 10 views

CVE-2026-13497

The CVE-2026-13497 entry concerns itsourcecode Hospital Management System 1.0. The vulnerability resides in an unknown function of /appointment.php where manipulating the editid parameter triggers an SQL injection. This can be exploited remotely and has publicly disclosed exploit material (exploi...

6.5 CVSS, 6.5 AI score, 0.00204 EPSS
Exploits 0, References 6

CVE
added 5 days ago, 11 views

CVE-2026-13486

SourceCodester Class and Exam Timetabling System 1.0/6.php contains a SQL injection vulnerability in the /preview6.php endpoint, triggered by manipulating the course_year_section parameter. Exploitation can be performed remotely, and public disclosure of the exploit is noted across CVE records (C...

7.5 CVSS, 7 AI score, 0.00412 EPSS
Exploits 0, References 6

Positive Technologies
added 5 days ago, 13 views

PT-2026-53223

Name of the Vulnerable Software and Affected Versions: Edimax EW-7478APC version 1.04
Description: A stack-based buffer overflow occurs when manipulating the pppUserName argument within the formPPPoESetup function of the /goform/formPPPoESetup endpoint in the POST Request Handler component. This...

9 CVSS, 7.8 AI score, 0.00751 EPSS
Exploits 0, References 7

Positive Technologies
added 5 days ago, 9 views

PT-2026-53112

Name of the Vulnerable Software and Affected Versions: ANTLR4 versions prior to 4.13.3
Description: Command injection is possible in the gofmt component via the GoTarget function located in the tool/src/org/antlr/v4/codegen/target/GoTarget.java file. This issue allows an attacker to execute arbitra...

5.3 CVSS, 6.3 AI score, 0.00678 EPSS
Exploits 0, References 9

Patchstack
added 2026/06/25 1:2 p.m., 4 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.4 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated (Custom+) SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.4...

6.5 CVSS, 6 AI score, 0.00281 EPSS
Exploits 0, References 1, Affected Software 1