CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

265 matches found

NVD•added 2026/06/08 3:16 p.m.•13 views

CVE-2026-11518

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

5.3CVSS0.00388EPSS

Exploits0References6

Positive Technologies•added 2026/06/08 12:0 a.m.•11 views

PT-2026-47433

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import users.php. The manipulation of the argument raw password wit...

6.9CVSS5.6AI score0.00286EPSS

Exploits0References6

Cvelist•added 2026/06/01 7:30 a.m.•39 views

CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

7.5CVSS0.00371EPSS

Exploits0References6

Cvelist•added 2026/05/29 2:46 p.m.•32 views

CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

6.9CVSS0.00162EPSS

Exploits0References3

ATTACKERKB•added 2026/04/05 8:45 p.m.•1 views

CVE-2019-25682

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

5.3CVSS5.9AI score0.00132EPSS

Exploits1References3Affected Software1