6395 matches found
PT-2026-55824
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course1.php file where the manipulation of the ID argument allows for SQL injection. This allows a remote attacker to interfere with the...
PT-2026-55814
Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Event Management Page component within the file /admin/add event.php. Remote manipulation of the fdetails argument allows for SQL injection, a technique...
CVE-2026-14640
CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...
CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-14633
A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...
CVE-2026-14628
A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...
CVE-2026-14623
CVE-2026-14623 affects omec-project amf up to 2.1.1. The vulnerability lies in the NGAP Message Handler function RRCInactiveTransitionReport, where manipulation can cause a remote denial of service. Exploit code maturity is shown as PROOF-OF-CONCEPT, and a public exploit has been disclosed. A pat...
EUVD-2026-41661
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...
PT-2026-55720
Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7 Description A remote attack can be initiated through the manipulation of the shopping cart argument in the getCartItems function within the...
CVE-2026-14611
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...
PHP 8.5.x < 8.5.8
The version of PHP installed on the remote host is prior to 8.5.8. It is, therefore, affected by a vulnerability as referenced in the Version 8.5.8 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
PHP 8.2.x < 8.2.32
The version of PHP installed on the remote host is prior to 8.2.32. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.32 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEV...
EUVD-2026-41175
Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
Axis Communications AXIS OS Cleartext Transmission of Sensitive Information (CVE-2024-0066)
A researcher in the AXIS OS Bug Bounty Program has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. This issue does not apply if O3C is not used. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot...
Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...
Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-6173)
A researcher in the AXIS OS Bug Bounty Program has found that a Guard Tour VAPIX API parameter accepted arbitrary values, which could let an attacker block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw...
EUVD-2026-40134
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parsebyblocktype of the file lightpcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument capturedpacketlength results in heap-based buffer overflow. It is possible to...
CVE-2026-13583
A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...
CVE-2026-13570
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
EUVD-2026-40071
A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...