CVE-2026-10619

Technical details about CVE-2026-10619 are not publicly available in the provided documents. Monitor for updates.

PT-2026-45724

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting XSS due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

SOPlanning SQL injection vulnerability

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a SQL injection vulnerability. This vulnerability stemmed from multiple endpoints and parameters that were vulnerable to SQL injection attacks. It was possible fo...

CVE-2026-44447 ERPNext: Possibility of SQL Injection due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

EUVD-2026-30197

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...

CVE-2026-44446

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...

CVE-2026-44446 ERPNext: Possibility of SQL Injection due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...

ERPNext 代码问题漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.106.0 and 16.16.0 of ERPNext contained code vulnerabilities. These vulnerabilities stemmed from the ability for malicious users to send specially crafted requests t...

CVE-2026-5750

An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep

An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

Exploit for CVE-2026-22732

CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

EUVD-2025-208962

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

PT-2026-27455

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

CVE-2026-32954 ERP has a possibility SQL Injection vulnerability due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVE-2026-31819

Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...

📄 Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

web-security-vulnerability-labs

web-security-vulnerability-labs This repository documents han...

📄 Convio CMS 24.5 SQL Injection

Convio CMS version 24.5 proof of concept remote SQL injection exploit. ============================================================================================================================================= | Title : Convio CMS v 24.5 SQL Injection Exploit | | Author : indoushka | | Tested ...