CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•8 views

CVE-2026-10256

The CVE-2026-10256 entry affects itsourcecode Content Management System 1.0, with the vulnerability located in /save_comment.php. The issue arises from manipulating the Name parameter to cause SQL injection, enabling remote exploitation. Public exploit code is available. Across CVSS metrics, the ...

6.5CVSS6.5AI score0.00033EPSS

CVE•added 2 days ago•9 views

CVE-2026-10247

CVE-2026-10247 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability lies in the function create_generic_name in /ShowForm/create_generic_name/main, where manipulation of the argument generic_name leads to cross-site scripting. The attack can be carried out remotely an...

5.1CVSS4.3AI score0.00034EPSS

CVE•added 2 days ago•15 views

CVE-2026-10213

AstrBotDevs AstrBot 4.23.6 contains a path traversal flaw in the API endpoint /api/skills/delete. Manipulating the Name argument reportedly allows traversal of the filesystem. The issue is exploitable remotely, and an exploit has been released publicly. Vendor response is noted as none. The descr...

5.5CVSS5.7AI score0.00048EPSS

Positive Technologies•added 2 days ago•9 views

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

6.5CVSS5.7AI score0.00033EPSS

Exploits0References7

CNNVD•added 2 days ago•3 views

AstrBot path traversal vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a path traversal vulnerability. This vulnerability stems from improper handling of the Name parameter in the/api/skills/delete file within the API Endpoint...

5.5CVSS6.1AI score0.00048EPSS

CNNVD•added 3 days ago•3 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability arises from the operation of the formPortFw function in the file/goform/formPortFw, where the parameter servername caus...

9CVSS7.7AI score0.00041EPSS

Exploits0References4

NVD•added 4 days ago•10 views

CVE-2026-10126

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9CVSS0.00041EPSS

Exploits0References4

NVD•added 4 days ago•10 views

CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS0.00041EPSS

Exploits0References4

ATTACKERKB•added 4 days ago•6 views

CVE-2026-10112

4.8CVSS4AI score0.0003EPSS

Exploits0References5Affected Software1

Vulnrichment•added 4 days ago•6 views

CVE-2026-10112 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

4.8CVSS4AI score0.0003EPSS

Cvelist•added 4 days ago•33 views

CVE-2026-10112 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

4.8CVSS0.0003EPSS

Cvelist•added 5 days ago•26 views

CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS0.00038EPSS

EUVD•added 2026/05/26 12:30 a.m.•7 views

EUVD-2026-31776

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00035EPSS

CNNVD•added 2026/05/26 12:0 a.m.•6 views

Student Management System 代码注入漏洞

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...

5.3CVSS5.7AI score0.00035EPSS

CNNVD•added 2026/05/26 12:0 a.m.•6 views

luci-app-https-dns-proxy 命令注入漏洞

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

8.8CVSS6.1AI score0.0008EPSS

ATTACKERKB•added 2026/05/25 3:45 p.m.•4 views

CVE-2026-9471

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00031EPSS

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00086EPSS

Cvelist•added 2026/05/25 2:15 p.m.•16 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

8.8CVSS0.00086EPSS