Lucene search
K

175 matches found

OSV
OSV
added last week8 views

PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 8:59 p.m.3 views

CVE-2026-53609 Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1CVSS6AI score0.00237EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10693

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8772

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...

5.8CVSS5.3AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS5.4AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS6.9AI score0.00498EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-10693 SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.42 views

CVE-2026-10693 SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 12:0 a.m.11 views

EUVD-2026-34058

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-45889

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References7
NVD
NVD
added 2026/06/02 9:16 p.m.28 views

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS0.00498EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/02 8:0 p.m.34 views

CVE-2026-10619 sayan365 student-management-system improper authentication

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS0.00498EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:0 p.m.9 views

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS6.8AI score0.00498EPSS
Exploits0References12
NVD
NVD
added 2026/06/02 10:16 a.m.15 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:31 a.m.11 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS5.7AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 8:31 a.m.10 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS5.7AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 8:31 a.m.41 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

5.1CVSS0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 8:31 a.m.13 views

EUVD-2026-33903

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

9.3CVSS5.7AI score0.00557EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45851

Name of the Vulnerable Software and Affected Versions sayan365 student-management-system versions prior to 7f3c9ce7d410332335c2affac93a385485051800 Description An issue in multiple endpoints allows for remote manipulation resulting in improper authentication. This occurs within an unknown functio...

7.5CVSS7AI score0.00498EPSS
Exploits0References15
NVD
NVD
added 2026/06/01 5:16 p.m.18 views

CVE-2026-10271

A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is possible to initiate...

7.5CVSS0.00299EPSS
Exploits0References5
Rows per page
Query Builder