CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

975 matches found

CVE-2026-12131

CVE-2026-12131 affects CodeAstro Human Resource Management System 1.0, specifically the Payroll Invoice Module. The vulnerability exists in the Invoice function of the file \application\controllers\Payroll.php, where manipulation of the argument ID leads to SQL injection. Exploitation is possible...

6.5CVSS6.5AI score0.00033EPSS

Exploits0References6

RedhatCVE•added 5 days ago•6 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS5.4AI score0.00033EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•5 views

CVE-2026-11555

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of...

6.3CVSS5AI score0.00093EPSS

Exploits0References6Affected Software1

Vulnrichment•added 6 days ago•5 views

CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

5.3CVSS5.2AI score0.0005EPSS

Exploits0References6

NVD•added 6 days ago•7 views

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

6.5CVSS0.00036EPSS

Exploits0References5

EUVD•added 6 days ago•5 views

EUVD-2026-35055

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.6AI score0.00033EPSS

Exploits0References6

EUVD•added 6 days ago•6 views

EUVD-2026-35059

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS5.3AI score0.00028EPSS

Exploits0References4

CVE•added 6 days ago•16 views

CVE-2026-11493

CVE-2026-11493 affects Tenda AC15 firmware 15.03.05.19. The vulnerable element is an unknown function within the Samba component’s file /etc_ro/smb.conf. The description states that manipulating this element can cause weak password requirements, with the attack confined to the local network and a...

5CVSS5.1AI score0.00059EPSS

Exploits0References6

Cvelist•added 6 days ago•41 views

CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS0.00033EPSS

Exploits0References6

EUVD•added 6 days ago•8 views

EUVD-2026-35022

4.8CVSS3.6AI score0.00033EPSS

Exploits0References6

NVD•added 6 days ago•6 views

CVE-2026-11482

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS0.00033EPSS

Exploits0References6

ATTACKERKB•added 6 days ago•10 views

CVE-2026-11482

7.5CVSS7.1AI score0.00033EPSS

Exploits0References6Affected Software1

Positive Technologies•added 6 days ago•8 views

PT-2026-47270

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete leave type.php. The manipulation of the argument leave type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be us...

6.5CVSS6.4AI score0.00033EPSS

Exploits0References7

Positive Technologies•added 6 days ago•6 views

PT-2026-47293

Name of the Vulnerable Software and Affected Versions SourceCodester Inventory System version 1.0 Description An improper authorization issue exists in the Account Creation Handler component within the file '/Product Inventory/api/users handler.php'. A remote attacker can manipulate the ROLE...

6.5CVSS6.6AI score0.00036EPSS

Exploits0References8

Positive Technologies•added 6 days ago•6 views

PT-2026-47307

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

9CVSS8.5AI score0.00088EPSS

Exploits0References7

Positive Technologies•added 6 days ago•7 views

PT-2026-47246

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS5.4AI score0.00033EPSS

Exploits0References7

ATTACKERKB•added 2026/06/07 10:30 p.m.•7 views

CVE-2026-11464

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.8AI score0.00033EPSS

Exploits0References7

NVD•added 2026/06/07 9:16 a.m.•11 views

CVE-2026-11458

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS0.00042EPSS

Exploits0References5

Positive Technologies•added 2026/06/07 12:0 a.m.•13 views

PT-2026-47176

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00031EPSS

Exploits0References6

Positive Technologies•added 2026/06/07 12:0 a.m.•9 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1CVSS5.2AI score0.00036EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by