Lucene search
K

409 matches found

Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57442

Name of the Vulnerable Software and Affected Versions Grav Admin2 plugin versions prior to 2.0.4 Description The plugin embeds a global JavaScript variable window. GRAV CONFIG in the Admin2 SPA bootstrap page at the '/grav/admin' endpoint and its subroutes. This object is returned in every...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 9:17 p.m.9 views

CVE-2026-14653

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS0.00412EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Apache ActiveMQ < 5.19.8 / 6.x < 6.2.7 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.8 or 6.x prior to 6.2.7. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that...

8.1CVSS6.2AI score0.00844EPSS
Exploits0References16
NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS0.0051EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 9:53 a.m.7 views

EUVD-2026-40283

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS5.8AI score0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 11:15 a.m.29 views

CVE-2026-11509

CodeAstro Leave Management System 1.0 is affected by a SQL injection in /admin/search_staff_for_updation.php triggered by manipulation of the Name parameter. The issue can be exploited remotely; CVE-2026-11509 is identified with multiple CVSS vectors (e.g., 3.1 and 3.0) indicating network access,...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8133

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

7.5CVSS6.9AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS5.7AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.11 views

CVE-2026-10265

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edittopic.php. Such manipulation of the argument topicid leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 5:0 p.m.7 views

EUVD-2026-26265

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References5
CVE
CVE
added 2026/04/28 5:15 a.m.12 views

CVE-2026-7228

CVE-2026-7228 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the function get_cart_count in /admin/ajax.php?action=get_cart_count, where an manipulated ID parameter enables a SQL injection. The issue is exploitable remotely, with a PoC/exploit published and avail...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35663

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/22 8:5 p.m.5 views

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS5.8AI score0.00448EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 6:30 p.m.4 views

EUVD-2025-209443

alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting XSS in /public/admin/editroom.php which allows an attacker to inject and execute arbitrary JavaScript via the roomid GET parameter...

6.1CVSS6AI score0.00181EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32659

CVE-2025-65135 In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fr… https://t.co/otOrMUqUKm...

9.8CVSS5.8AI score0.00285EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32362

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage repair.php...

5.8AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32333

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load admin.php...

5.9AI score0.00225EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.3 views

CVE-2026-36873

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadadmin.php...

5.9AI score0.00225EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32391

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view room.php...

5.9AI score0.00244EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
Rows per page
Query Builder