Lucene search
K

33122 matches found

EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-43281

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...

6.5CVSS6.5AI score
Exploits0References7
CVE
CVE
added 9 hours ago7 views

CVE-2026-12582

The CVE affects the Library Management System WordPress plugin prior to version 3.5.8. The vulnerability arises because the plugin does not sanitize or escape a user-supplied parameter before using it in a SQL statement, enabling unauthenticated SQL injection via the book_id parameter. This can a...

6.2AI score
Exploits0References1
Cvelist
Cvelist
added 9 hours ago5 views

CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

Exploits0References1
CVE
CVE
added 10 hours ago6 views

CVE-2026-15536

CVE-2026-15536 affects itsourcecode Hospital Management System 1.0. The vulnerability is in /patviewprescription.php where manipulating the delid parameter enables SQL injection . It allows remote exploitation and publicly available exploits exist.

6.5CVSS6.5AI score
Exploits0References6
Nuclei
Nuclei
added 11 hours ago67 views

Purchase Order Management v1.0 - SQL Injection

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

9.8CVSS6.5AI score0.04122EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago100 views

Masa CMS - Authentication Bypass

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.06253EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago43 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.4AI score0.0125EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago50 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the Page content. id: CVE-2022-42095 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS6AI score0.01947EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago82 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7AI score0.03745EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago58 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manageuser.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32028...

7.2CVSS7AI score0.04879EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago70 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.1AI score0.07476EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago45 views

u5cms v8.3.5 - Open Redirect

u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. id: CVE-2022-32444 info: name: u5cms v8.3.5 - Open Redirect author: 0xAkoko severity: medium description: | u5cms version 8.3.5 contains a URL...

6.1CVSS6.3AI score0.02246EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago81 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-bas...

6.1CVSS6.5AI score0.03345EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago89 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-base...

6.1CVSS6.5AI score0.03345EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago73 views

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

9.8CVSS7.1AI score0.09621EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago40 views

College Management System 1.0 - SQL Injection

College Management System 1.0 contains a SQL injection vulnerability via the course code parameter. id: CVE-2022-28079 info: name: College Management System 1.0 - SQL Injection author: ritikchaddha severity: high description: | College Management System 1.0 contains a SQL injection vulnerability...

8.8CVSS7.1AI score0.28826EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago53 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.02316EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago45 views

Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting

Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter. id: CVE-2021-46005 info: name: Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting author: cckuailong severity: medium description: Sourcecodester Car...

5.4CVSS6.1AI score0.02915EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago45 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago61 views

WordPress KiviCare <2.3.9 - SQL Injection

WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...

9.8CVSS7.1AI score0.12619EPSS
Exploits2References5
Rows per page
Query Builder