Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40965 matches found

CVE
CVEadded 2026/06/08 1:45 a.m.32 views

CVE-2026-11477

The CVE-2026-11477 affects hs-web hsweb-framework up to 5.0.1, specifically the OAuth2Client in hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java. The issue enables an open redirect due to manipulation of this component, with remot...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8
NVD
NVDadded 2026/06/08 1:16 a.m.9 views

CVE-2026-11474

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS0.00288EPSS
Exploits0References6
NVD
NVDadded 2026/06/08 1:16 a.m.11 views

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVDadded 2026/06/08 1:16 a.m.12 views

CVE-2026-11470

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

6.5CVSS0.00424EPSS
Exploits0References8
NVD
NVDadded 2026/06/08 1:16 a.m.11 views

CVE-2026-11472

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVDadded 2026/06/08 1:16 a.m.10 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS0.00319EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/08 1:15 a.m.5 views

CVE-2026-11475 Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

6.5CVSS6.4AI score0.00133EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/08 1:15 a.m.38 views

CVE-2026-11475 Kushan2k student-management-system Certificate Verification Endpoint GradeController.php getStatus sql injection

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

6.5CVSS0.00133EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/08 1:15 a.m.12 views

EUVD-2026-35006

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

6.5CVSS6.4AI score0.00133EPSS
Exploits0References6
CVE
CVEadded 2026/06/08 1:15 a.m.13 views

CVE-2026-11475

The CVE-2026-11475 affects Kushan2k student-management-system. Affects the function getStatus in controllers/GradeController.php of the Certificate Verification Endpoint. The underlying issue is that manipulating the nic argument can cause an SQL injection, enabling remote exploitation. Public ex...

6.5CVSS6.4AI score0.00133EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/08 1:0 a.m.8 views

EUVD-2026-35005

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/08 1:0 a.m.43 views

CVE-2026-11474 Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS0.00288EPSS
Exploits0References6
CVE
CVEadded 2026/06/08 1:0 a.m.24 views

CVE-2026-11474

CVE-2026-11474 affects Kushan2k student-management-system (Registration Endpoint: RegisterService.php). The vulnerability arises from manipulating the stimg argument, enabling unrestricted file upload. Reported as remotely exploitable with public exploit, implying potential remote attacker impact...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/08 1:0 a.m.7 views

CVE-2026-11474 Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/08 12:45 a.m.7 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS5.4AI score0.00319EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/08 12:45 a.m.11 views

EUVD-2026-35004

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS6.5AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/08 12:45 a.m.40 views

CVE-2026-11473 jflyfox jfinal_cms AdvicefeedbackController.java list sql injection

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS0.00319EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/08 12:30 a.m.9 views

EUVD-2026-34998

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.2AI score0.00323EPSS
Exploits0References7
EUVD
EUVDadded 2026/06/08 12:30 a.m.10 views

EUVD-2026-34993

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper...

7.5CVSS5AI score0.00294EPSS
Exploits0References7
EUVD
EUVDadded 2026/06/08 12:30 a.m.14 views

EUVD-2026-34992

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS5.1AI score0.00225EPSS
Exploits0References7
Rows per page
Query Builder