CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/08 12:0 a.m.•3 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of parameters in the file /Administrator/PHP/AdminDeleteAlbum.php. This vulnerability may lead to...

7.5CVSS7.5AI score0.00275EPSS

CNNVD•added 2026/06/08 12:0 a.m.•3 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of the Category parameter in the file/Frontend/Search.php, which may lead to SQL injection attacks...

7.5CVSS7.5AI score0.00275EPSS

RedhatCVE•added 2026/06/07 12:43 a.m.•13 views

CVE-2026-11431

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

NVD•added 2026/06/06 5:16 p.m.•9 views

CVE-2026-11438

6.5CVSS0.00214EPSS

ATTACKERKB•added 2026/06/06 5:15 p.m.•5 views

CVE-2026-11439

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS

Exploits0References7Affected Software1

EUVD•added 2026/06/06 5:15 p.m.•7 views

EUVD-2026-34974

6.5CVSS5AI score0.00214EPSS

CVE•added 2026/06/06 5:0 p.m.•19 views

CVE-2026-11438

The CVE-2026-11438 affects Theonedev Onedev up to version 15.0.5, where the vulnerability arises from improper authorization in the /projects functionality. Specifically, manipulating the argument project.forkedFromId can enable an unauthorized action, with remote attack potential. The issue is m...

6.5CVSS6.2AI score0.00214EPSS

EUVD•added 2026/06/06 5:0 p.m.•7 views

EUVD-2026-34973

6.5CVSS5.1AI score0.00214EPSS

ATTACKERKB•added 2026/06/06 5:0 p.m.•6 views

CVE-2026-11438

6.5CVSS5.1AI score0.00214EPSS

Exploits0References7Affected Software1

EUVD•added 2026/06/06 12:31 a.m.•8 views

EUVD-2026-34919

Positive Technologies•added 2026/06/06 12:0 a.m.•12 views

Exploits0References2

PT-2026-47160

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization occurs in the '/projects' file due to the manipulation of the project.forkedFromId argument. This issue allows a remote attacker to bypass authorization controls. Recommendatio...

6.5CVSS6.6AI score0.00214EPSS

Exploits0References9

NVD•added 2026/06/05 10:16 p.m.•8 views

CVE-2026-11431

8.3CVSS0.00517EPSS

CVE•added 2026/06/05 9:8 p.m.•14 views

CVE-2026-11431

CVE-2026-11431 describes a path traversal in Altium’s Projects Service download endpoint used by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path that bypasses validation, enabling reading arbitrary files (including entire directories returned as archives) ...

ATTACKERKB•added 2026/06/05 9:8 p.m.•8 views

CVE-2026-11431

RedhatCVE•added 2026/06/05 7:50 p.m.•6 views

Exploits0References2

CVE-2026-7095

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

5.3CVSS3.8AI score0.00273EPSS

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2026-7118

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...

6.5CVSS6.4AI score0.00192EPSS

RedhatCVE•added 2026/06/05 7:50 p.m.•6 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.8AI score0.00253EPSS

RedhatCVE•added 2026/06/05 7:40 p.m.•5 views

CVE-2025-13874

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

4.3CVSS5.5AI score0.00193EPSS

RedhatCVE•added 2026/06/05 7:40 p.m.•5 views

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

6.9CVSS5.7AI score0.00286EPSS