CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•10 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00024EPSS

Exploits0References4

Positive Technologies•added 3 days ago•6 views

PT-2026-45818

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede htmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00024EPSS

NVD•added 2026/05/25 2:16 a.m.•9 views

CVE-2026-9413

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS0.00035EPSS

CVE•added 2026/05/25 1:15 a.m.•8 views

CVE-2026-9413

SourceCodester Indian Invoicing System 1.0 is affected by a cross-site scripting (XSS) flaw in the /Invoicing/category.php file. The vulnerability stems from manipulation of the message parameter (msg) that enables remote execution of an attacker-supplied script. Public exploit code exists. No re...

5.3CVSS4.2AI score0.00035EPSS

Cvelist•added 2026/05/25 1:15 a.m.•30 views

CVE-2026-9413 SourceCodester Indian Invoicing System category.php cross site scripting

5.3CVSS0.00035EPSS

NVD•added 2026/05/01 6:16 p.m.•2 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS0.00049EPSS

Exploits1References3

Cvelist•added 2026/05/01 12:0 a.m.•25 views

CVE-2025-69606

0.00049EPSS

Exploits1References3

Vulnrichment•added 2026/05/01 12:0 a.m.•1 views

CVE-2025-69606

5.9AI score0.00049EPSS

Exploits1References3

CNNVD•added 2026/04/13 12:0 a.m.•1 views

Code-Projects Simple ChatBox 代码注入漏洞

Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “msg” in the file...

5.3CVSS5.7AI score0.00039EPSS

RedhatCVE•added 2026/04/02 5:4 a.m.•0 views

CVE-2026-30526

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or...

6.1CVSS6AI score0.00018EPSS

Vulnrichment•added 2026/04/01 12:0 a.m.•0 views

CVE-2026-30526

Cvelist•added 2026/04/01 12:0 a.m.•18 views

CVE-2026-30526

0.00018EPSS

CVE•added 2026/04/01 12:0 a.m.•2 views

CVE-2026-30526

CVE-2026-30526 affects SourceCodester Zoo Management System v1.0. The vulnerability is located on the login page in the msg parameter, where user-supplied content is echoed back without proper HTML encoding/sanitization, enabling a reflected XSS via a crafted URL. The connected documents confirm ...

6.1CVSS6AI score0.00018EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2026/03/31 4:59 a.m.•0 views

CVE-2026-30562

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addstock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...

9.3CVSS6AI score0.00064EPSS

Exploits0References1

EUVD•added 2026/03/30 6:31 p.m.•3 views

EUVD-2026-17097

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcustomer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

EUVD•added 2026/03/30 6:31 p.m.•1 views

Exploits1References2

EUVD-2026-17135

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

EUVD•added 2026/03/30 6:31 p.m.•1 views

Exploits1References2

EUVD-2026-17099

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

NVD•added 2026/03/30 4:16 p.m.•3 views

Exploits1References2

CVE-2026-30556

6.1CVSS0.00018EPSS

NVD•added 2026/03/30 4:16 p.m.•1 views

CVE-2026-30558

6.1CVSS0.00018EPSS