CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/01 12:0 a.m.•9 views

PT-2026-45400

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.6AI score0.00263EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45245

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00372EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•15 views

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

7.5CVSS6.7AI score0.01336EPSS

Exploits0References8

Positive Technologies•added 2026/06/01 12:0 a.m.•12 views

PT-2026-45396

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00263EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45391

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create supplier of the file /ShowForm/create supplier/main. Executing a manipulation of the argument company name can lead to cross site scripting. The attack can be launched...

5.1CVSS4.2AI score0.00203EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•9 views

PT-2026-45390

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create medicine name of the file /ShowForm/create medicine name/main. Performing a manipulation of the argument medicine name results in cross site scripting. The...

5.1CVSS4.3AI score0.00203EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45244

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr main agent of the file astrbot/core/astr main agent.py. Such manipulation of the argument session id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly...

6.5CVSS6.4AI score0.00211EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•13 views

PT-2026-45395

A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might...

7.5CVSS7AI score0.00269EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•21 views

PT-2026-45504

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS5.4AI score0.00295EPSS

Exploits0References9

Positive Technologies•added 2026/06/01 12:0 a.m.•16 views

PT-2026-45607

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

9CVSS6.2AI score0.00472EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•18 views

PT-2026-45502

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

7.5CVSS5.5AI score0.0041EPSS

Exploits0References9

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45421

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has be...

9CVSS6.2AI score0.00484EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45664

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.3AI score0.00273EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•17 views

PT-2026-45447

A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The affected element is an unknown function of the file admin/ of the component Admin Endpoint. This manipulation of the argument uid causes execution after redirect. It is possible to initiate...

7.5CVSS6.3AI score0.00299EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45422

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

7.5CVSS5.7AI score0.00263EPSS

Vulnrichment•added 2026/05/31 11:45 p.m.•9 views

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS5.7AI score0.00192EPSS

Vulnrichment•added 2026/05/31 11:30 p.m.•10 views

CVE-2026-10203 OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00196EPSS

Vulnrichment•added 2026/05/31 11:15 p.m.•7 views

CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS

Cvelist•added 2026/05/31 11:15 p.m.•32 views

CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection

6.5CVSS0.00192EPSS