Lucene search
K

156 matches found

Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31903

Name of the Vulnerable Software and Affected Versions code-projects Vehicle Showroom Management System version 1.0 Description A flaw exists in code-projects Vehicle Showroom Management System 1.0, specifically within the /util/RegisterCustomerFunction.php file. Manipulation of the BRANCH ID...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References9
NVD
NVD
added 2026/04/02 11:16 a.m.8 views

CVE-2026-5326

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manageuser of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely...

6.9CVSS0.00404EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/29 4:30 a.m.2 views

CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/12 6:2 a.m.29 views

CVE-2026-3993 itsourcecode Payroll Management System manage_employee_deductions.php cross site scripting

A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manageemployeedeductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has bee...

5.3CVSS0.00269EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/08 9:30 p.m.5 views

EUVD-2026-10264

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References6
CVE
CVE
added 2026/03/08 1:2 p.m.12 views

CVE-2026-3734

SourceCodester Client Database Management System 1.0 is affected in the Endpoint feature, specifically the /fetch_manager_details.php function. The vulnerability arises from manipulation of the argument manager_id, leading to improper authorization. This can be exploited remotely; exploit is publ...

7.5CVSS6.8AI score0.00364EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21655

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

6.5CVSS6.3AI score0.19135EPSS
Exploits1References5
OSV
OSV
added 2026/02/20 4:32 p.m.5 views

CVE-2025-15582 detronetdip E-commerce Product Management Update authorization

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The...

5.3CVSS5.8AI score0.00348EPSS
Exploits1References8
CVE
CVE
added 2026/02/20 4:32 p.m.13 views

CVE-2025-15582

The CVE-2025-15582 issue affects detronetdip E-commerce 1.0.0, specifically the Delete/Update function in the Product Management Module. A manipulation of the ID argument yields an authorization bypass, enabling remote exploitation. Public exploit code is referenced, and vendors have not provided...

8.1CVSS5.3AI score0.00348EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/08 7:16 p.m.5 views

CVE-2026-2174

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely...

9.8CVSS5.5AI score0.00563EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/08 6:32 p.m.5 views

EUVD-2026-5776

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely...

9.8CVSS5.1AI score0.00563EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/08 6:32 p.m.4 views

CVE-2026-2174

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely...

7.5CVSS7AI score0.00563EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/07 10:32 a.m.38 views

CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...

7.5CVSS0.00323EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/06 10:32 a.m.32 views

CVE-2026-2015 Portabilis i-Educar Final Status Import FinalStatusImportService.php improper authorization

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...

6.5CVSS0.00307EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/06 8:2 a.m.31 views

CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2CVSS0.00325EPSS
Exploits1References7
OSV
OSV
added 2026/02/04 10:32 p.m.5 views

CVE-2026-1894 WeKan REST API checklistItems.js Checklist REST Bleed improper authorization

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

5.3CVSS6.3AI score0.00236EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.7 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS5.5AI score0.00388EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 a.m.6 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS0.00388EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.7 views

PT-2026-5650

Name of the Vulnerable Software and Affected Versions lunary-ai/lunary version 1.2.13 Description An insufficient granularity of access control allows users to delete prompts created in other organizations through ID manipulation. The application does not validate the ownership of the prompt befo...

7.5CVSS7.2AI score0.00388EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.12 views

PT-2026-5431

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description A flaw exists in the User Management component of the software, specifically within the file /admin/operation/user.php. Manipulation of the group id argument can lead to...

8.8CVSS6.3AI score0.00358EPSS
Exploits1References10
Rows per page
Query Builder