Lucene search
K

1197 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 1:23 a.m.6 views

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS4.5AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Hotel management system using php and mysql. 安全漏洞

Hotel Management System Using PHP and MySQL is a hotel management system developed by Alan Dsilva. Version 1.0 of this system has a security vulnerability, which stems from improper handling of the roomid GET parameter in the file /public/admin/edit-room.php. This vulnerability could allow...

6.1CVSS6.1AI score0.00181EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/11 7:15 p.m.126 views

Exploit for Cross-site Scripting in Devcode Openstamanager

CVE-2026-24415: OpenSTAManager Affected by XSS in modificaiva...

6.1CVSS6.1AI score0.00245EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.11 views

PT-2026-31730

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type id, distance, facilities, categories, prices, location, and Itemid. Attackers can...

6.1CVSS5.8AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/04/08 10:16 p.m.4 views

CVE-2026-5810

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS0.0024EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 10:0 p.m.25 views

CVE-2026-5810 SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS0.0024EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 10:0 p.m.8 views

CVE-2026-5810

Summary (CVE-2026-5810): A flaw in SourceCodester Sales and Inventory System 1.0 affects an unknown function in /delete.php that handles the GET parameter ID. Manipulating this argument leads to cross-site scripting (XSS). Remote exploitation is possible, and the exploit has been published. CVSS ...

5.1CVSS4.7AI score0.0024EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/08 10:0 p.m.4 views

CVE-2026-5810 SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has...

5.1CVSS4.5AI score0.0024EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

SourceCodester Sales and Inventory System 代码注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a code injection vulnerability. This vulnerability stems from the handling of parameter IDs in t...

5.1CVSS5.7AI score0.0024EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.8AI score0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.9AI score0.00186EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 8:26 p.m.4 views

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

2CVSS6AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 9:57 p.m.3 views

GHSA-MMM5-3G4X-QW39 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals

Description Six confrontarighe.php files across different modules in OpenSTAManager fetchArray 'SELECT mgarticolilang.title, mgarticoli.codice, inrigheinterventi. FROM inrigheinterventi INNER JOIN...

8.8CVSS6.2AI score0.00416EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30286

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.10.2 Description OpenSTAManager contains an SQL Injection vulnerability in the confronta righe.php files across different modules. The righe parameter, received via the $ GET'righe' request, is directly...

8.8CVSS6.2AI score0.00416EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/03/25 5:48 p.m.7 views

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

8.8CVSS6AI score0.00172EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/24 11:17 p.m.3 views

CVE-2026-4778

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file updatecategory.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5CVSS0.00303EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/24 11:11 p.m.25 views

CVE-2026-4781 SourceCodester Sales and Inventory System HTTP GET Parameter update_purchase.php sql injection

A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file updatepurchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from...

6.5CVSS0.00295EPSS
Exploits1References5
CVE
CVE
added 2026/03/24 11:11 p.m.10 views

CVE-2026-4781

CVE-2026-4781 affects SourceCodester Sales and Inventory System 1.0, specifically the update_purchase.php file’s HTTP GET parameter sid. The root cause is manipulation of sid leading to SQL injection, enabling remote exploitation. Multiple sources confirm the flaw and indicate an exploit has been...

8.8CVSS6.4AI score0.00295EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/24 11:11 p.m.10 views

CVE-2026-4780

CVE-2026-4780 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is in the HTTP GET Parameter Handler of the file update_out_standing.php, where manipulating the sid argument enables a SQL injection. This can be carried out remotely, and public exploits exist. Multiple sourc...

8.8CVSS6.4AI score0.00295EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 10:22 p.m.7 views

CVE-2026-4778 SourceCodester Sales and Inventory System HTTP GET Parameter update_category.php sql injection

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file updatecategory.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5CVSS6.4AI score0.00303EPSS
Exploits1References5
Rows per page
Query Builder