CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/05 2:30 p.m.•8 views

EUVD-2026-34842

7.5CVSS5.2AI score0.00232EPSS

CVE•added 2026/06/05 2:30 p.m.•15 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00232EPSS

ATTACKERKB•added 2026/06/05 2:0 p.m.•6 views

CVE-2026-11334

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

7.5CVSS7.1AI score0.00284EPSS

CVE•added 2026/06/05 2:0 p.m.•16 views

CVE-2026-11334

The CVE-2026-11334 entry concerns tittuvarghese CollegeManagementSystem (dashboard_page/forms/fetch.php) where manipulating the department_code argument leads to SQL injection. A remote attacker can exploit this with no authentication required; exploit maturity is described as PoC. The vulnerabil...

7.5CVSS7.1AI score0.00284EPSS

ATTACKERKB•added 2026/06/05 1:45 p.m.•6 views

CVE-2026-11333

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS6.2AI score0.00214EPSS

Cvelist•added 2026/06/05 1:45 p.m.•27 views

CVE-2026-11333 tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload

6.5CVSS0.00214EPSS

EUVD-2026-34721

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00182EPSS

Exploits0References3

8.3CVSS6AI score0.0031EPSS

EUVD-2026-34398

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References3

EUVD-2026-34400

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00312EPSS

Exploits0References3

6.5CVSS6.5AI score0.00303EPSS

EUVD-2026-34542

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

EUVD•added 2026/06/05 12:31 a.m.•9 views

EUVD-2026-34339

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

8.6CVSS6.8AI score0.02635EPSS

NVD•added 2026/06/05 12:16 a.m.•6 views

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

7.5CVSS0.00328EPSS

EUVD•added 2026/06/05 12:0 a.m.•8 views

EUVD-2026-34775

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8CVSS6.5AI score0.04236EPSS

Exploits1References6

Vulnrichment•added 2026/06/05 12:0 a.m.•8 views

CVE-2026-10878 D-Link DWR-M920 formSmsManage sub_41C8E8 command injection

6.5CVSS6.4AI score0.04236EPSS

Exploits1References6

Positive Technologies•added 2026/06/05 12:0 a.m.•14 views

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.6AI score0.0021EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•10 views

PT-2026-47006

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub 412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.3AI score0.01044EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•14 views

PT-2026-46976

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...

5.3CVSS4AI score0.00273EPSS