CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/25 10:0 a.m.•13 views

CVE-2026-9448

The CVE-2026-9448 affects code-projects Employee Management System 1.0, specifically the /applyleave.php file. The root cause is manipulation of the ID argument that enables cross site scripting (XSS). Exploitation is possible remotely, and public disclosure of the exploit is noted. No remediatio...

Cvelist•added 2026/05/25 10:0 a.m.•31 views

CVE-2026-9448 code-projects Employee Management System applyleave.php cross site scripting

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly...

5.3CVSS0.00336EPSS

ATTACKERKB•added 2026/05/25 10:0 a.m.•5 views

CVE-2026-9448

Exploits0References5Affected Software1

EUVD•added 2026/05/25 10:0 a.m.•8 views

EUVD-2026-31664

Vulnrichment•added 2026/05/25 10:0 a.m.•5 views

CVE-2026-9448 code-projects Employee Management System applyleave.php cross site scripting

CVE•added 2026/05/25 9:45 a.m.•15 views

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

7.5CVSS6.9AI score0.00319EPSS

Cvelist•added 2026/05/25 9:45 a.m.•35 views

CVE-2026-9447 SourceCodester Simple POS and Inventory System search.php sql injection

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS0.00319EPSS

Vulnrichment•added 2026/05/25 9:30 a.m.•8 views

CVE-2026-9446 SourceCodester Simple POS and Inventory System edit_customer.php sql injection

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

EUVD•added 2026/05/25 9:30 a.m.•16 views

EUVD-2026-31660

EUVD•added 2026/05/25 9:15 a.m.•10 views

EUVD-2026-31656

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00333EPSS

Cvelist•added 2026/05/25 9:0 a.m.•33 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS0.00318EPSS

Vulnrichment•added 2026/05/25 9:0 a.m.•7 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

CVE•added 2026/05/25 9:0 a.m.•16 views

CVE-2026-9444

SourceCodester Simple POS and Inventory System 1.0 is affected in /admin/deleteproduct.php (GET Parameter Handler). The vulnerability occurs when the ID argument is manipulated, resulting in SQL injection. The issue may be exploited remotely and the exploit is public. No additional technical deta...

Vulnrichment•added 2026/05/25 8:45 a.m.•6 views

CVE-2026-9443 Edimax BR-6478AC POST Request formL2TPSetup buffer overflow

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated...

Cvelist•added 2026/05/25 8:45 a.m.•34 views

CVE-2026-9443 Edimax BR-6478AC POST Request formL2TPSetup buffer overflow

9CVSS0.00751EPSS

Vulnrichment•added 2026/05/25 8:30 a.m.•7 views

CVE-2026-9442 Edimax BR-6478AC POST Request formiNICSiteSurvey buffer overflow

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

CVE•added 2026/05/25 8:30 a.m.•17 views

CVE-2026-9442

CVE-2026-9442 affects Edimax BR-6478AC devices running version 1.23, impacting the POST request handler function /goform/formiNICSiteSurvey. The vulnerability arises from a manipulation of the argument selSSID in formiNICSiteSurvey, leading to a buffer overflow. Exploitation is described as remot...

ATTACKERKB•added 2026/05/25 8:30 a.m.•7 views

CVE-2026-9442

Exploits0References4Affected Software1

NVD•added 2026/05/25 8:16 a.m.•11 views

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS0.00324EPSS