CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/24 5:16 a.m.•8 views

CVE-2026-9355

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS0.00393EPSS

EUVD•added 2026/05/24 4:45 a.m.•9 views

EUVD-2026-31569

Vulnrichment•added 2026/05/24 4:45 a.m.•9 views

CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

ATTACKERKB•added 2026/05/24 4:45 a.m.•15 views

CVE-2026-9355

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/24 12:0 a.m.•9 views

PT-2026-42913

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save patient history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

CNNVD•added 2026/05/24 12:0 a.m.•4 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System has a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00393EPSS

Exploits0References6

Vulnrichment•added 2026/05/23 4:27 a.m.•8 views

CVE-2026-6897 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00341EPSS

Exploits0References2

NVD•added 2026/05/22 4:16 p.m.•10 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS0.00129EPSS

Exploits0References1

EUVD•added 2026/05/22 3:22 p.m.•7 views

EUVD-2026-31454

2.6CVSS5.8AI score0.00129EPSS

Exploits0References1

UbuntuCve•added 2026/05/22 2:16 p.m.•5 views

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS6AI score0.00176EPSS

OSV•added 2026/05/22 1:22 p.m.•5 views

OESA-2026-2434 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

7.5CVSS5.7AI score0.00579EPSS

Exploits1References2

CVE•added 2026/05/22 7:50 a.m.•15 views

CVE-2026-7615

The CVE-2026-7615 entry concerns the WordPress Widget Context plugin (versions ≤ 1.3.3). Vulnerability: Cross-Site Request Forgery due to missing or incorrect nonce validation in save_widget_context_settings, allowing unauthenticated attackers to modify widget visibility context settings stored i...

4.3CVSS5.7AI score0.00168EPSS

Exploits0References8

CVE•added 2026/05/22 7:50 a.m.•15 views

CVE-2026-8692

The CVE covers the Vedrixa Forms – WordPress plugin (versions up to 1.1.1). The issue is an authorization bypass in the AJAX handler (wefb_save_form_structure), allowing authenticated users with subscriber-level access and above to arbitrarily modify form structure by writing attacker-controlled ...

4.3CVSS5.8AI score0.00232EPSS

Exploits0References8

EUVD•added 2026/05/22 12:31 a.m.•8 views

EUVD-2026-31350

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting unsanitized input stored in savetmpl.cgi and render...

5.4CVSS5.9AI score0.00168EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•6 views

PT-2026-42794

5.8AI score0.00129EPSS

Exploits0References1

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42765

Name of the Vulnerable Software and Affected Versions vifm versions 0.12.1 through 0.14.3 Description A heap buffer overflow occurs during the history merge process when saving the state file vifminfo.json. This is caused by a lack of runtime checks on the length of history entries in release...

4.8CVSS6AI score0.00176EPSS

Exploits0References9

ATTACKERKB•added 2026/05/21 8:59 p.m.•5 views

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

5.4CVSS5.9AI score0.00168EPSS