CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

195 matches found

EUVD-2026-33661

A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack...

6.9CVSS6.2AI score0.00041EPSS

Exploits0References5

NVD•added 2026/05/04 8:16 a.m.•3 views

CVE-2026-7741

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...

6.5CVSS0.00031EPSS

Exploits0References5

ATTACKERKB•added 2026/05/04 6:45 a.m.•2 views

CVE-2026-7741

6.5CVSS6.5AI score0.00031EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/05/04 6:45 a.m.•30 views

CVE-2026-7741 CodeAstro Online Classroom studentlogin sql injection

6.5CVSS0.00031EPSS

Exploits0References5

NVD•added 2026/04/09 4:17 a.m.•1 views

CVE-2026-5357

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdmmembers' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute...

6.4CVSS0.00046EPSS

Exploits0References6

ATTACKERKB•added 2026/04/09 2:25 a.m.•2 views

CVE-2026-5357

6.4CVSS6.1AI score0.00046EPSS

Exploits0References7

Positive Technologies•added 2026/04/09 12:0 a.m.•2 views

PT-2026-31571

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions up to and including 3.3.52 Description The Download Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through the sid parameter of the 'wpdm members' shortcode. This occur...

6.4CVSS5.9AI score0.00046EPSS

Exploits0References11

RedhatCVE•added 2026/03/27 4:59 a.m.•0 views

CVE-2026-4826

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /updatestock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5CVSS6.5AI score0.00013EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 11:4 p.m.•0 views

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /updatesales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.4AI score0.00012EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 3:15 p.m.•2 views

CVE-2026-4780

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file updateoutstanding.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carrie...

6.5CVSS6.4AI score0.00037EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 3:15 p.m.•1 views

CVE-2026-4778

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file updatecategory.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

6.5CVSS6.4AI score0.00012EPSS

Exploits1References1

EUVD•added 2026/03/26 12:30 a.m.•1 views

EUVD-2026-16054

6.5CVSS5.7AI score0.00013EPSS

Exploits1References6

EUVD•added 2026/03/26 12:30 a.m.•0 views

EUVD-2026-16024

6.5CVSS6.4AI score0.00012EPSS

Exploits1References6

NVD•added 2026/03/26 12:16 a.m.•0 views

CVE-2026-4826

8.8CVSS0.00013EPSS

Exploits1References5

CNNVD•added 2026/03/26 12:0 a.m.•3 views

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...

8.8CVSS6.7AI score0.00013EPSS

Exploits1References5

CVE•added 2026/03/25 11:35 p.m.•4 views

CVE-2026-4826

The CVE-2026-4826 entry concerns SourceCodester Sales and Inventory System 1.0. The vulnerability is in the /update_stock.php file (HTTP GET Parameter Handler) where manipulation of the sid parameter leads to SQL injection. Remote exploitation is possible and the exploit has been publicly disclos...

8.8CVSS6.5AI score0.00013EPSS

Exploits1References5Affected Software1

NVD•added 2026/03/25 11:17 p.m.•0 views

CVE-2026-4825

6.5CVSS0.00012EPSS

Exploits1References5

ATTACKERKB•added 2026/03/25 10:32 p.m.•1 views

CVE-2026-4825

6.5CVSS6.4AI score0.00012EPSS

Exploits1References5Affected Software1