Lucene search
+L

33170 matches found

CVE
CVE
added 13 hours ago8 views

CVE-2026-16229

The CVE reports a cross-site scripting (XSS) flaw in itsourcecode Courier Management System up to version 1.0. The vulnerability affects an unknown functionality of the file /index.php, where manipulating the argument page can trigger XSS. It is exploitable remotely, and an exploit has been publi...

5.3CVSS3.6AI score
Exploits0References6
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-45445

A flaw has been found in itsourcecode Courier Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Executing a manipulation of the argument page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit h...

5.3CVSS3.6AI score
Exploits0References6
Nuclei
Nuclei
added 19 hours ago55 views

Hospital Management System 1.0 - Cross-Site Scripting

Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php and patient-search.php. id: CVE-2021-39411 info: name: Hospital Management System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Hospital...

6.1CVSS5.8AI score0.0089EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago58 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manageuser.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32028...

7.2CVSS7.5AI score0.04879EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago48 views

Vehicle Service Management System 1.0 - Stored Cross Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel. id: CVE-2021-46072 info: name: Vehicle Service Management System 1.0 - Stored Cross Site Scripting author: TenBird severity: medium description: | Vehicle Servic...

4.8CVSS4.8AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago49 views

Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting

Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter. id: CVE-2021-46005 info: name: Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting author: cckuailong severity: medium description: Sourcecodester Car...

5.4CVSS5.2AI score0.02915EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago71 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS8.8AI score0.07476EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago47 views

Vehicle Service Management System 1.0 - Stored Cross Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login panel. id: CVE-2021-46069 info: name: Vehicle Service Management System 1.0 - Stored Cross Site Scripting author: TenBird severity: medium description: | Vehicle Servi...

4.8CVSS4.8AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago152 views

H3C ER8300G2-X - Password Disclosure

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. id: CVE-2024-32238 info: name: H3C ER8300G2-X - Password Disclosure author: s4e-io,adeljck severity: critical description: | H3...

9.8CVSS8.4AI score0.53229EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago16 views

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7.7AI score0.01664EPSS
Exploits3References3
Nuclei
Nuclei
added 19 hours ago46 views

Zoo Management System 1.0 - SQL Injection

Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.7AI score0.01721EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago15 views

PHPGurukul Hospital Management System 4.0 - SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information. id: CVE-2020-22165 info: name: PHPGurukul Hospital Management System 4.0 - SQL Injection...

7.5CVSS7.6AI score0.06348EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago102 views

Masa CMS - Authentication Bypass

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS8.5AI score0.06253EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago67 views

Purchase Order Management v1.0 - SQL Injection

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

9.8CVSS6.6AI score0.04122EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago45 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS5.8AI score0.0125EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago141 views

Online Piggery Management System v1.0 - Unauthenticated File Upload

Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php. id: CVE-2023-37629 info: name: Online Piggery Management System v1.0 - Unauthenticated File Upload author: Harsh severity: critical descriptio...

9.8CVSS8.3AI score0.23311EPSS
Exploits5References4
Nuclei
Nuclei
added 19 hours ago46 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...

6.5CVSS7.1AI score0.01953EPSS
Exploits2References4
Nuclei
Nuclei
added 19 hours ago91 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-base...

6.1CVSS6.1AI score0.03345EPSS
Exploits2References5
Nuclei
Nuclei
added 19 hours ago74 views

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

9.8CVSS8.8AI score0.09621EPSS
Exploits2References5
Nuclei
Nuclei
added 19 hours ago48 views

u5cms v8.3.5 - Open Redirect

u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. id: CVE-2022-32444 info: name: u5cms v8.3.5 - Open Redirect author: 0xAkoko severity: medium description: | u5cms version 8.3.5 contains a URL...

6.1CVSS6AI score0.02246EPSS
Exploits1References4
Rows per page
Query Builder