Lucene search
K

751 matches found

EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-43271

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS5.6AI score
Exploits0References6
EUVD
EUVD
added 13 hours ago7 views

EUVD-2026-43266

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57619

Name of the Vulnerable Software and Affected Versions Shibby Tomato versions prior to 1.28.0000 Description A stack-based buffer overflow exists in the DNS List Rendering component within the /usr/sbin/httpd file. The issue occurs in the sub 407220 function and can be exploited remotely. A...

9CVSS7.3AI score
Exploits0References7
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS0.00396EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 4:0 a.m.35 views

CVE-2026-14795 CodeAstro Apartment Visitor Management System action-visitor.php sql injection

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 3:16 a.m.10 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 10:15 p.m.35 views

CVE-2026-14659 itsourcecode Hospital Management System patientappointment.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...

6.5CVSS0.00319EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 10:45 a.m.14 views

CVE-2026-13560

Summary : CVE-2026-13560 affects Edimax EW-7478APC (firmware 1.04). The vulnerable component is the POST Request Handler’s /goform/formAccept function, where manipulating the argument submit-url enables an OS command injection . The attack is remote and the exploit has been disclosed publicly. Th...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress WhatsOrder – Instant Checkout for WooCommerce plugin <= 1.0.1 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WhatsOrder – Instant Checkout for WooCommerce versions = 1.0.1...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/21 12:15 a.m.45 views

CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS0.00337EPSS
Exploits1References7
NVD
NVD
added 2026/06/15 2:16 a.m.12 views

CVE-2026-12204

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 6:30 p.m.10 views

EUVD-2026-35185

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/08 3:45 a.m.11 views

CVE-2026-11485 SourceCodester Class and Exam Timetabling System archive2.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47309

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be...

9CVSS6.2AI score0.00466EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10060

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

9.8CVSS6.2AI score0.0501EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/05 3:45 p.m.11 views

EUVD-2026-34851

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00273EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 3:16 p.m.18 views

CVE-2026-10811

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.12 views

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS5.5AI score0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 a.m.14 views

CVE-2026-10250

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

7.5CVSS0.00263EPSS
Exploits0References6
Rows per page
Query Builder