Lucene search
K

6395 matches found

Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.14 views

PT-2026-55824

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course1.php file where the manipulation of the ID argument allows for SQL injection. This allows a remote attacker to interfere with the...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55814

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Event Management Page component within the file /admin/add event.php. Remote manipulation of the fdetails argument allows for SQL injection, a technique...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References9
CVE
CVE
added 2026/07/04 6:15 p.m.16 views

CVE-2026-14640

CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 5:45 p.m.29 views

CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 3:45 p.m.6 views

CVE-2026-14633

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...

5.3CVSS4.2AI score0.00288EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 1:16 p.m.9 views

CVE-2026-14628

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS0.00551EPSS
Exploits1References5
CVE
CVE
added 2026/07/04 9:45 a.m.17 views

CVE-2026-14623

CVE-2026-14623 affects omec-project amf up to 2.1.1. The vulnerability lies in the NGAP Message Handler function RRCInactiveTransitionReport, where manipulation can cause a remote denial of service. Exploit code maturity is shown as PROOF-OF-CONCEPT, and a public exploit has been disclosed. A pat...

5.3CVSS5.5AI score0.00522EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/04 8:45 a.m.10 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.12 views

PT-2026-55720

Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7 Description A remote attack can be initiated through the manipulation of the shopping cart argument in the getCartItems function within the...

8.8CVSS7.1AI score0.00598EPSS
Exploits0References12
NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-14611

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS0.00253EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

PHP 8.5.x < 8.5.8

The version of PHP installed on the remote host is prior to 8.5.8. It is, therefore, affected by a vulnerability as referenced in the Version 8.5.8 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

5.6CVSS6AI score0.00306EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

PHP 8.2.x < 8.2.32

The version of PHP installed on the remote host is prior to 8.2.32. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.32 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEV...

5.6CVSS6AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41175

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Cleartext Transmission of Sensitive Information (CVE-2024-0066)

A researcher in the AXIS OS Bug Bounty Program has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. This issue does not apply if O3C is not used. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...

4.3CVSS5.9AI score0.00347EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-6173)

A researcher in the AXIS OS Bug Bounty Program has found that a Guard Tour VAPIX API parameter accepted arbitrary values, which could let an attacker block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw...

6.5CVSS6AI score0.00391EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 4:0 p.m.7 views

EUVD-2026-40134

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parsebyblocktype of the file lightpcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument capturedpacketlength results in heap-based buffer overflow. It is possible to...

6.3CVSS5.7AI score0.00419EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:45 p.m.7 views

CVE-2026-13583

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...

9CVSS7.6AI score0.00445EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:15 p.m.7 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 10:45 a.m.8 views

EUVD-2026-40071

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Rows per page
Query Builder