CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•4 views

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.2AI score0.00046EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00043EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-7740

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument trackid leads to denial of service. An attack has to be approached locally. The exploit has been disclosed...

4.8CVSS4.8AI score0.00017EPSS

RedhatCVE•added 2 days ago•3 views

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS5.3AI score0.00032EPSS

RedhatCVE•added 2 days ago•3 views

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.1AI score0.00043EPSS

RedhatCVE•added 2 days ago•3 views

CVE-2026-9483

A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument studentid results in improper authorization. The attack may be initiated remotely. The exploit has been made public a...

6.5CVSS6.3AI score0.0004EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-10260

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

7.5CVSS7.1AI score0.00033EPSS

ATTACKERKB•added 6 days ago•7 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.00033EPSS

Exploits0References6Affected Software1

NVD•added 6 days ago•10 views

CVE-2026-10252

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

7.5CVSS0.00033EPSS

NVD•added 6 days ago•9 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00036EPSS

ATTACKERKB•added 6 days ago•5 views

CVE-2026-10212

6.5CVSS6.4AI score0.00036EPSS

Exploits0References5Affected Software1

Vulnrichment•added 6 days ago•6 views

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

6.5CVSS6.4AI score0.00036EPSS

Positive Technologies•added 6 days ago•9 views

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

6.5CVSS5.6AI score0.00924EPSS

Exploits0References7

Positive Technologies•added 6 days ago•8 views

PT-2026-45244

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr main agent of the file astrbot/core/astr main agent.py. Such manipulation of the argument session id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly...

6.5CVSS6.4AI score0.00036EPSS

NVD•added 2026/05/31 12:16 a.m.•9 views

CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

5.3CVSS0.00029EPSS

Vulnrichment•added 2026/05/30 11:0 p.m.•6 views

CVE-2026-10154 Dolibarr ERP CRM messaging.php authorization

5.3CVSS5.5AI score0.00029EPSS

RedhatCVE•added 2026/05/29 8:13 p.m.•11 views

CVE-2026-9416

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

5.3CVSS4.2AI score0.00035EPSS

NVD•added 2026/05/26 10:16 p.m.•12 views

CVE-2026-9603

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS0.00059EPSS

Vulnrichment•added 2026/05/26 10:0 p.m.•7 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

6.9CVSS6.3AI score0.00059EPSS