CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2668 matches found

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

9.8CVSS7.8AI score0.91697EPSS

Exploits3References5

Nuclei•added 15 hours ago•8 views

Alumni Management System 1.0 - SQL Injection

SourceCodester Alumni Management System 1.0 contains a sqlinjection caused by unsanitized input in admin/login.php, letting attackers bypass authentication, exploit requires injection of malicious SQL payload. id: CVE-2020-29214 info: name: Alumni Management System 1.0 - SQL Injection author:...

9.8CVSS8AI score0.45262EPSS

Exploits1References2

RedhatCVE•added yesterday•7 views

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

7.5CVSS6.9AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.1AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2 days ago•6 views

CVE-2026-10288

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function passwordverify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch...

7.5CVSS7AI score0.00098EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-35090

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.6AI score0.00103EPSS

Exploits0References1

RedhatCVE•added 2 days ago•6 views

CVE-2026-35087

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

9.3CVSS5.5AI score0.00087EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

7.3CVSS5.7AI score0.00026EPSS

Exploits3References1

Cvelist•added 2 days ago•23 views

CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS0.00069EPSS

Exploits0References2

EUVD•added 2 days ago•7 views

EUVD-2026-34773

7.5CVSS6.8AI score0.00033EPSS

Exploits0References7

NVD•added 2 days ago•4 views

CVE-2026-10877

7.5CVSS0.00033EPSS

Exploits0References6

Cvelist•added 3 days ago•33 views

CVE-2026-10877 SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection

7.5CVSS0.00033EPSS

Exploits0References6

CVE•added 3 days ago•10 views

CVE-2026-10877

CVE-2026-10877 concerns SourceCodester Ship Ferry Ticket Reservation System (up to 1.0) with an issue in the Admin Login component. The vulnerability resides in the /admin/login.php handling of the Username argument, enabling a SQL injection. The flaw is exploitable remotely, and the exploit has ...

7.5CVSS6.8AI score0.00033EPSS

Exploits0References6

NVD•added 3 days ago•5 views

CVE-2026-10880

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a val...

9.8CVSS0.0009EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•3 views

CVE-2026-10880

9.8CVSS5.9AI score0.0009EPSS

Exploits0References2Affected Software1

Positive Technologies•added 3 days ago•7 views

PT-2026-46837

7.5CVSS6.8AI score0.00033EPSS

Exploits0References7

NVD•added 4 days ago•8 views

CVE-2026-10704

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

7.5CVSS0.00033EPSS

Exploits0References6

ATTACKERKB•added 4 days ago•6 views

CVE-2026-10704

7.5CVSS6.9AI score0.00033EPSS

Exploits0References6Affected Software1