Lucene search
K

173 matches found

Cvelist
Cvelist
added 2026/01/19 10:32 p.m.24 views

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

7.5CVSS0.00359EPSS
Exploits0References4
CVE
CVE
added 2026/01/19 3:2 p.m.20 views

CVE-2026-1159

CVE-2026-1159 affects itsourcecode Online Frozen Foods Ordering System 1.0. The issue arises from processing of the file /order_online.php, where manipulating the argument product_name can lead to an SQL injection. The vulnerability can be exploited remotely, and public proofs-of-concept exist ac...

9.8CVSS5.5AI score0.00335EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/01/19 1:2 p.m.13 views

CVE-2026-1155

Based on provided records, CVE-2026-1155 affects Totolink LR350 9.3.5u.6369_B20220309, specifically the setWiFiEasyGuestCfg function in /cgi-bin/cstecgi.cgi. The root cause is a buffer overflow triggered by manipulating the ssid argument, allowing remote exploitation. The vulnerability is corrobo...

9CVSS5.8AI score0.00794EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/01/19 9:2 a.m.27 views

CVE-2026-1147

SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0 contains a cross-site scripting vulnerability in an unknown portion of /php/api_patient_schedule.php triggered by manipulating the Reason parameter. The flaw can be exploited remotely and the exploit is publicly availa...

5.4CVSS4.1AI score0.00236EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/19 12:15 a.m.8 views

CVE-2025-15539

A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwcs11handledownlinkdatanotificationack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS0.00684EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1973

Name of the Vulnerable Software and Affected Versions Intern Membership Management System version 1.0 Description A SQL injection issue exists in code-projects Intern Membership Management System 1.0. The issue affects an unknown function within the /intern/admin/edit activity.php file...

7.2CVSS5.1AI score0.00313EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.9 views

CVE-2024-2559

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to t...

6.5CVSS6.7AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/01/05 2:15 p.m.11 views

CVE-2026-0592

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/registercode.php of the component User Registration Handler. Performing a manipulation of the argument...

9.8CVSS0.00379EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2025/12/30 3:32 a.m.4 views

CVE-2025-15218

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...

9CVSS6.2AI score0.02862EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/30 1:32 a.m.4 views

CVE-2025-15214 Campcodes Park Ticketing System admin_class.php save_pricing cross site scripting

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function savepricing of the file adminclass.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and...

4.8CVSS2.9AI score0.00262EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/29 5:2 a.m.3 views

CVE-2025-15173 SohuTV CacheCloud InstanceController.java advancedAnalysis cross site scripting

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit...

5.1CVSS3.7AI score0.002EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/28 11:32 a.m.27 views

CVE-2025-15134 yourmaileyes MOOC Submission MainController.java subreview cross site scripting

A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated...

5.1CVSS0.00191EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/16 12:30 a.m.5 views

EUVD-2025-203471

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

5.8CVSS6.5AI score0.00386EPSS
Exploits1References5
OSV
OSV
added 2025/12/14 2:15 p.m.3 views

CVE-2025-14662

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made...

5.4CVSS4.2AI score0.00193EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/14 9:30 a.m.3 views

EUVD-2025-203292

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

7.5CVSS6.6AI score0.00333EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/12/12 10:2 p.m.28 views

CVE-2025-14582 campcodes Online Student Enrollment System index.php unrestricted upload

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is...

5.8CVSS0.00351EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/24 3:34 p.m.12 views

CVE-2025-13555

A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument studno results in sql injection. The attack can be initiated remotely. The exploit is now public an...

9.8CVSS7.3AI score0.00339EPSS
Exploits1References1
OSV
OSV
added 2025/11/23 5:15 p.m.3 views

CVE-2025-13560

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

9.8CVSS5.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/23 12:0 a.m.8 views

PT-2025-47843

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 and 1.1.50 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 routers. The issue is located in an unknown function...

9CVSS8.9AI score0.00677EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2025/11/14 6:2 p.m.13 views

CVE-2025-13122

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/apipatientcheckin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to...

9.8CVSS7.1AI score0.00427EPSS
Exploits1References1
Rows per page
Query Builder