Lucene search
K

41223 matches found

Cvelist
Cvelist
added 2026/04/27 1:0 a.m.37 views

CVE-2026-7073 itsourcecode Construction Management System execute.php sql injection

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 12:45 a.m.30 views

CVE-2026-7072 CodePanda Source canteen_management_system login.php sql injection

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

7.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 12:45 a.m.2 views

CVE-2026-7072 CodePanda Source canteen_management_system login.php sql injection

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/27 12:30 a.m.8 views

EUVD-2026-25747

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS5.5AI score0.0038EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 12:15 a.m.4 views

CVE-2026-7070 code-projects Inventory Management System Login sql injection

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 12:15 a.m.5 views

EUVD-2026-25746

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:15 a.m.4 views

CVE-2026-7070

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35561

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the argument ID can lead to cross site scripting. It is possible to launch the attack remotely. The...

5.3CVSS3.5AI score0.0028EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35411

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS8.2AI score0.01766EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35532

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read document/list documents of the file server.py. Performing a manipulation of the argument docs dir/file path results in path traversal. The attack is possible to be carried out remotely. The exploit h...

7.5CVSS7AI score0.00426EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.3 views

PT-2026-35513

A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35349

A vulnerability has been found in likeadmin-likeshop likeadmin php up to 1.9.6. Affected by this issue is the function queryResult of the file serverappadminapiliststoolsDataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be...

5.8CVSS5AI score0.00253EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.14 views

PT-2026-35356

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.1AI score0.00253EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35450

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

10CVSS5.2AI score0.01766EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.4 views

PT-2026-35459

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has mamba layers of the file vllm/v1/kv cache interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attac...

6.3CVSS5.3AI score0.00288EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.5 views

PT-2026-35409

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used...

9CVSS7.7AI score0.03269EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.5 views

PT-2026-35281

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.4 views

PT-2026-35531

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validate url safe of the file src/mcp url downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The...

7.5CVSS6.9AI score0.00294EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35534

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS7AI score0.00356EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35336

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publi...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References6
Rows per page
Query Builder