Lucene search
K

41223 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.8 views

PT-2026-35543

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description SQL injection can be initiated remotely via the '/ajax.php?action=delete product' endpoint. The issue occurs when the ID argument is manipulated, allowing for...

7.5CVSS7.1AI score0.00265EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35533

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

9CVSS7.7AI score0.03269EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.3 views

PT-2026-35421

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete receiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.15 views

PT-2026-35380

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35498

A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35396

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35520

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet enabled leads to os command injection. It is possible to launch the...

10CVSS8.4AI score0.01766EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35499

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update passwd process.php. The manipulation of the argument temp user results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS4.9AI score0.00215EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.14 views

PT-2026-35353

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.14 views

PT-2026-35338

A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/26 11:30 p.m.4 views

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS5.2AI score0.02476EPSS
Exploits1References5
NVD
NVD
added 2026/04/26 11:16 p.m.6 views

CVE-2026-7064

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

7.5CVSS0.01707EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/26 10:45 p.m.5 views

CVE-2026-7064 AgentDeskAI browser-tools-mcp browser-connector.ts os command injection

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

7.5CVSS7AI score0.01707EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/26 10:30 p.m.6 views

CVE-2026-7063 code-projects Employee Management System Endpoint eprocess.php sql injection

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/26 10:30 p.m.4 views

EUVD-2026-25733

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS5.3AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/26 10:30 p.m.35 views

CVE-2026-7063 code-projects Employee Management System Endpoint eprocess.php sql injection

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/26 10:30 p.m.13 views

CVE-2026-7063

The CVE-2026-7063 entry concerns code-projects Employee Management System 1.0, specifically the Endpoint component’s file /370project/process/eprocess.php. The vulnerability arises from manipulating the pwd argument, leading to SQL injection. Exploitation is described as remote and the exploit is...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/26 10:17 p.m.7 views

CVE-2026-7057

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...

9CVSS0.00632EPSS
Exploits1References5
NVD
NVD
added 2026/04/26 10:17 p.m.7 views

CVE-2026-7059

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function getsimulationposts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...

6.9CVSS0.0044EPSS
Exploits0References5
NVD
NVD
added 2026/04/26 10:17 p.m.15 views

CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

7.5CVSS0.00263EPSS
Exploits0References6
Rows per page
Query Builder