CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/08 1:30 a.m.•5 views

CVE-2026-8125 code-projects Simple Chat System sendMessage.php sql injection

6.5CVSS6.5AI score0.0025EPSS

CVE•added 2026/05/08 1:30 a.m.•15 views

CVE-2026-8125

The affected software is code-projects Simple Chat System 1.0. Vulnerable component: sendMessage.php. Root cause: improper validation of argument type/length/business parameter validity leading to SQL injection. Attack could be launched remotely and the exploit is publicly available. CVSS metrics...

6.5CVSS6.5AI score0.0025EPSS

CNNVD•added 2026/05/08 12:0 a.m.•6 views

Code-Projects Simple Chat System 注入漏洞

Code-Projects Simple Chat System is an easy-to-use chat system developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple Chat System has a SQL injection vulnerability, which arises from the validations of the parameters type/length/business in the sendMessage.php file,...

6.5CVSS6.7AI score0.0025EPSS

Exploits0References2

Cvelist•added 2026/05/08 12:0 a.m.•33 views

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

0.00241EPSS

Exploits1References1

Redos•added 2026/05/08 12:0 a.m.•7 views

ROS-20260508-73-0007

Vulnerability in roundcubemail related to the use of an insecure alternate channel. Exploitation of the vulnerability could allow an attacker acting remotely to modify user projects and/or device configuration via cip commands...

4.3CVSS5.8AI score0.00629EPSS

Exploits2

EUVD•added 2026/05/07 9:30 p.m.•6 views

EUVD-2026-28444

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

Cvelist•added 2026/05/07 8:30 p.m.•28 views

Exploits0References6

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

7.5CVSS0.00254EPSS

ATTACKERKB•added 2026/05/07 8:30 p.m.•3 views

CVE-2026-8098

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/07 8:30 p.m.•7 views

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

CVE•added 2026/05/07 8:30 p.m.•10 views

CVE-2026-8098

code-projects Feedback System 1.0 contains a SQL injection in an unknown function of /admin/checklogin.php triggered by manipulating the email parameter. The flaw can be exploited remotely, with exploits publicly disclosed. No remediation details are provided in the supplied documents.

Github Security Blog•added 2026/05/07 5:32 p.m.•15 views

Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

5.8AI score

Exploits0References6Affected Software1

NVD•added 2026/05/07 4:16 a.m.•15 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS0.0038EPSS

CVE•added 2026/05/07 3:55 a.m.•16 views

CVE-2026-40981

CVE-2026-40981 : In Spring Cloud Config Server using Google Secrets Manager as a backend, a crafted request can expose secrets from unintended GCP projects. Affected versions and upgrades: 3.1.x: 3.1.0–3.1.13 → upgrade to 3.1.14+ 4.1.x: 4.1.0–4.1.9 → upgrade to 4.1.10+ 4.2.x: 4.2.0–4.2.6 → upgrad...

7.5CVSS5.8AI score0.0038EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/07 3:55 a.m.•22 views

EUVD-2026-28245

7.5CVSS5.8AI score0.0038EPSS

vulnersOsv•added 2026/05/07 12:13 a.m.•9 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

6.5CVSS6.8AI score0.00364EPSS

Exploits1

CNNVD•added 2026/05/07 12:0 a.m.•5 views

Code-Projects Feedback System 注入漏洞

Code-Projects Feedback System is an open-source feedback system developed by Code-Projects. Version 1.0 of the Code-Projects Feedback System has a injection vulnerability; this vulnerability stems from the handling of the parameter 'email' in the file 'admin/checklogin.php', which may lead to SQL...

7.5CVSS7.1AI score0.00254EPSS

CNNVD•added 2026/05/06 12:0 a.m.•4 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.restore function not properly verifying the anti-CSRF token, allowing attackers to...

8.7CVSS5.7AI score0.00151EPSS