Lucene search
1035 matches found

GitHub Security Blog
added 2026/03/16 8:44 p.m. | 11 views

File Browser Signup Grants Admin When Default Permissions Include Admin

Summary: Any unauthenticated visitor can register a full administrator account when self-registration (signup = true) is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...

CVSS 10 | AI score 6 | EPSS 0.00677
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/03/16 8:44 p.m. | 4 views

GHSA-5GG9-5G7W-HM73 File Browser Signup Grants Admin When Default Permissions Include Admin

Summary: Any unauthenticated visitor can register a full administrator account when self-registration (signup = true) is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...

CVSS 10 | AI score 6 | EPSS 0.00677
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/16 12:0 a.m. | 7 views

PT-2026-25858

Name of the Vulnerable Software and Affected Versions: File Browser versions 2.61.2 and below. Description: File Browser, a file managing interface, has an issue where unauthenticated users can register as full administrators if self-registration is enabled (signup = true) and the default user...

CVSS 10 | AI score 5.9 | EPSS 0.00677
Exploits: 1 | References: 14

OSV
added 2026/03/12 8:16 a.m. | 2 views

CVE-2026-4014

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 9.8 | AI score 5.6 | EPSS 0.00379
Exploits: 1 | References: 5

NVD
added 2026/03/12 8:16 a.m. | 3 views

CVE-2026-4014

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 9.8 | EPSS 0.00379
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/12 8:2 a.m. | 1 views

CVE-2026-4014 itsourcecode Cafe Reservation System Registration signup.php sql injection

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00379
Exploits: 1 | References: 5

CVE
added 2026/03/12 8:2 a.m. | 8 views

CVE-2026-4014

The CVE-2026-4014 entry affects itsourcecode Cafe Reservation System 1.0, specifically the Registration module’s signup.php file. A manipulation of the Username argument enables SQL injection, allowing remote exploitation. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and security trackers) af...

CVSS 9.8 | AI score 5.7 | EPSS 0.00379
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/03/12 8:2 a.m. | 26 views

CVE-2026-4014 itsourcecode Cafe Reservation System Registration signup.php sql injection

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 7.5 | EPSS 0.00379
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/12 12:0 a.m. | 4 views

PT-2026-24936

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00379
Exploits: 1 | References: 8

CNNVD
added 2026/03/12 12:0 a.m. | 4 views

itsourcecode Cafe Reservation System SQL injection vulnerability

itsourcecode Cafe Reservation System is an open-source coffee reservation system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the /curvus2/signup.php file within the Registrati...

CVSS 9.8 | AI score 7.2 | EPSS 0.00379
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/09 7:53 p.m. | 4 views

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 9.8 | AI score 5.8 | EPSS 0.00392
Exploits: 1 | References: 1

EUVD
added 2026/03/08 3:30 p.m. | 7 views

EUVD-2026-10247

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 7.5 | AI score 6.9 | EPSS 0.00392
Exploits: 1 | References: 7

OSV
added 2026/03/08 3:15 p.m. | 2 views

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 9.8 | AI score 5.7 | EPSS 0.00392
Exploits: 1 | References: 6

NVD
added 2026/03/08 3:15 p.m. | 7 views

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 9.8 | EPSS 0.00392
Exploits: 1 | References: 6

CVE
added 2026/03/08 3:2 p.m. | 10 views

CVE-2026-3744

CVE-2026-3744 affects code-projects Student Web Portal 1.0. The vulnerability is in the function valreg_passwdation of signup.php, where the reg_passwd argument can be manipulated to trigger a SQL injection. It is a remote, publicly disclosed exploit (PoC present in multiple sources). The issue i...

CVSS 9.8 | AI score 6.9 | EPSS 0.00392
Exploits: 1 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/03/08 3:2 p.m. | 5 views

CVE-2026-3744 code-projects Student Web Portal signup.php valreg_passwdation sql injection

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 7.5 | AI score 5.8 | EPSS 0.00392
Exploits: 1 | References: 6

Cvelist
added 2026/03/08 3:2 p.m. | 29 views

CVE-2026-3744 code-projects Student Web Portal signup.php valreg_passwdation sql injection

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 7.5 | EPSS 0.00392
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/08 12:0 a.m. | 9 views

PT-2026-23950

Name of the Vulnerable Software and Affected Versions: code-projects Student Web Portal version 1.0. Description: A flaw exists in the Student Web Portal that allows for remote sql injection. The issue is located in the valreg passwdation function of the signup.php file. The reg passwd argument can ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00392
Exploits: 1 | References: 15

CNNVD
added 2026/03/08 12:0 a.m. | 7 views

Code-Projects Student Web Portal SQL injection vulnerability

Code-Projects Student Web Portal is an open-source student portal developed by Code-Projects. Version 1.0 of Code-Projects Student Web Portal has a SQL injection vulnerability, which stems from the handling of the regpasswd parameter in the signup.php file, potentially leading to SQL injection...

CVSS 9.8 | AI score 7.2 | EPSS 0.00392
Exploits: 1 | References: 7

RedhatCVE
added 2026/03/03 1:48 a.m. | 7 views

CVE-2025-66880

Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp Module 2093 and SignupComp Module 2094 modules...

CVSS 6.1 | AI score 6.3 | EPSS 0.00275
Exploits: 0 | References: 1