Lucene search
K

41216 matches found

CVE
CVE
added 2026/04/27 6:15 a.m.31 views

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

7.5CVSS6.9AI score0.0032EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/04/27 6:0 a.m.12 views

EUVD-2026-25782

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 6:0 a.m.4 views

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS5.1AI score0.00201EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/27 6:0 a.m.18 views

CVE-2026-7093

CVE-2026-7093 affects the code-projects Invoice System in Laravel 1.0 . The vulnerability exists in the Invoice Endpoint, specifically an unspecified function under the path /invoice/ where manipulating the argument ID leads to improper authorization. It is a network‑accessible issue with LOW to ...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:45 a.m.23 views

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 5:30 a.m.6 views

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:30 a.m.34 views

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 5:15 a.m.4 views

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.1AI score0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 5:15 a.m.21 views

CVE-2026-7090

CVE-2026-7090 affects code-projects Chat System 1.0 via /admin/send_message.php: the msg parameter is vulnerable to cross-site scripting. The issue arises from improper handling of the argument, enabling remote exploitation with a public exploit. No remediation details are provided in the availab...

4.8CVSS3.3AI score0.00253EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:0 a.m.5 views

EUVD-2026-25773

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

5.3CVSS3.8AI score0.00377EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 5:0 a.m.46 views

CVE-2026-7089

CVE-2026-7089 affects code-projects Home Service System 1.0. The vulnerability targets the Appointment Booking component, specifically the /booking.php file, where manipulation of the fname/lname parameters enables cross-site scripting. The description notes remote initiation and publicly disclos...

5.3CVSS3.7AI score0.00377EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 4:45 a.m.25 views

CVE-2026-7088

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_receiving triggered by manipulating the ID parameter. The flaw is exploitable remotely and the exploit is publicly available. No remediation details are provided in the documents.

7.5CVSS7.4AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 4:45 a.m.7 views

CVE-2026-7088

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/27 4:45 a.m.31 views

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 4:45 a.m.5 views

EUVD-2026-25772

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 4:30 a.m.5 views

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS5.4AI score0.00254EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/27 4:30 a.m.13 views

CVE-2026-7087

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_sales via manipulation of the ID parameter. The flaw is triggered remotely, allowing an attacker to influence the database query. The exploit is public and may be used for attacks. The descrip...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 4:30 a.m.33 views

CVE-2026-7087 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 4:16 a.m.8 views

CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS0.00248EPSS
Exploits0References6
NVD
NVD
added 2026/04/27 4:16 a.m.15 views

CVE-2026-7082

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been...

9CVSS0.00619EPSS
Exploits1References5
Rows per page
Query Builder