Lucene search
K

3805 matches found

CVE
CVE
added 17 hours ago10 views

CVE-2026-15537

The CVE-2026-15537 affects SourceCodester Online Book Store System 1.0, with the vulnerability residing in admin/login.php where the Username parameter is SQL-injected. This allows a remote attacker to exploit the flaw (PROOF-OF-CONCEPT) and aligns with a high-severity CVSS in the provided metric...

7.5CVSS6.8AI score
Exploits0References6
EUVD
EUVD
added 22 hours ago8 views

EUVD-2026-43255

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS6.7AI score
Exploits0References6
NVD
NVD
added 22 hours ago8 views

CVE-2026-15514

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-15514

Metasoft MetaCRM (up to version 6.4.0 Beta06) contains a SQL injection vulnerability in PHPRPC Remote Call Interface, specifically in RPCService.query within /customizemt/xkq/rpc.jsp. The issue arises from manipulation of the argument phprpc_args, enabling remote exploitation. Public exploit avai...

7.5CVSS6.7AI score
Exploits0References5
Cvelist
Cvelist
added yesterday11 views

CVE-2026-15514 Metasoft 美特软件 MetaCRM PHPRPC Remote Call rpc.jsp RPCService.query sql injection

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...

7.5CVSS
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-15498

CVE-2026-15498 affects the sergomanov SmartHomeAdatum product, specifically the Login component’s file users.php . The root cause is improper handling of the Login argument, which enables a SQL injection. The vulnerability is exploitable remotely over the network. No version details are provided ...

7.5CVSS6.7AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 5:45 a.m.6 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/07/05 11:16 p.m.9 views

CVE-2026-14773

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 10:16 p.m.6 views

CVE-2026-14771

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 9:0 p.m.15 views

CVE-2026-14770

The CVE-2026-14770 entry affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in the /edit_room.php script caused by manipulating the ID parameter, allowing remote initiation of an attack. This is supported by multiple connected sources that describe...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 8:16 p.m.10 views

CVE-2026-14768

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 8:15 p.m.26 views

CVE-2026-14769 code-projects Real State Services pay.php sql injection

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 p.m.8 views

CVE-2026-14762

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...

7.5CVSS6.8AI score0.00269EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:0 p.m.6 views

CVE-2026-14750

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 9:16 a.m.7 views

CVE-2026-14732

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /editexam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 6:0 a.m.8 views

CVE-2026-14717

A vulnerability was detected in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /patientlogin.php. Performing a manipulation of the argument loginid results in sql injection. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/04 10:15 p.m.35 views

CVE-2026-14659 itsourcecode Hospital Management System patientappointment.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...

6.5CVSS0.00319EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 9:0 p.m.18 views

CVE-2026-14654

CVE-2026-14654 concerns an SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0. The flaw affects an unknown function in the file /admin/girlsproductdeletequery.php where manipulating the user_id argument enables injection. The vulnerability can be exploited remotely and the e...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 7:16 p.m.10 views

CVE-2026-14642

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /editclass2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 3:16 p.m.7 views

CVE-2026-13572

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
Rows per page
Query Builder