Lucene search
K

2348 matches found

Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.9 views

CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Hostel Management System 安全漏洞

Hostel Management System is a dormitory management tool developed by LAKSHAY DHOUNDIYAL. The Hostel Management System f87e67c283bab6f718faf2fec6ae39a13bd7036b and previous versions have security vulnerabilities. These vulnerabilities stem from unknown processing of parameter IDs in the Admin...

6.5CVSS6.5AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46764

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References7
NVD
NVD
added 2026/06/03 8:16 p.m.18 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

4.1CVSS0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.7 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

5.8AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:0 a.m.16 views

EUVD-2026-34180

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-37700

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-46059

Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...

4.1CVSS5.5AI score0.00186EPSS
Exploits0References5
CVE
CVE
added 2026/06/03 12:0 a.m.22 views

CVE-2026-37700

MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 1:0 a.m.10 views

EUVD-2026-33858

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may...

6.5CVSS6.4AI score0.00227EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 12:30 p.m.12 views

CVE-2026-10257 itsourcecode Content Management System update_ss_img.php sql injection

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

SourceCodester Water Billing Management System SQL注入漏洞

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect parameter handling in...

5.8CVSS5.2AI score0.00262EPSS
Exploits0References6
CVE
CVE
added 2026/05/28 8:27 p.m.17 views

CVE-2026-44655

Affected software: MantisBT (Mantis Bug Tracker). Vulnerable versions: 1.3.0–2.28.1. Component: Move Attachments admin page, where Unescaped Project Name can be set by users with manager/administrator access. Root cause: unescaped project name leads to HTML injection (stored XSS). Impact: stored ...

8.6CVSS5.8AI score0.00298EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.11 views

CVE-2026-9525

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 a.m.20 views

CVE-2026-8143

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hbcountryiso', 'hbusastateiso', and 'hbcanadaprovinceiso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.8 views

CVE-2026-8143

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hbcountryiso', 'hbusastateiso', and 'hbcanadaprovinceiso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 6:46 a.m.19 views

CVE-2026-8143

Summary: The HBook WordPress plugin (up to version 2.1.6) is affected by a stored XSS due to insufficient input sanitization and output escaping in the parameters hb_country_iso, hb_usa_state_iso, and hb_canada_province_iso. This enables unauthenticated attackers to inject script code that execut...

7.2CVSS6AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43572

The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb country iso', 'hb usa state iso', and 'hb canada province iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 8:16 p.m.14 views

CVE-2026-9573

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 3:45 a.m.15 views

EUVD-2026-31787

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.3CVSS4.4AI score0.00336EPSS
Exploits0References5
Rows per page
Query Builder