Lucene search
K

87066 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 3:0 a.m.0 views

CVE-2026-5836

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 3:0 a.m.4 views

CVE-2026-5836 code-projects Online Shoe Store admin_product.php cross site scripting

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 3:0 a.m.14 views

CVE-2026-5836

Affected software and entry point: code-projects Online Shoe Store 1.0, vulnerable via /admin/admin_product.php with manipulation of the product_name parameter. Vulnerability type: cross site scripting (XSS). Impact/conditions: remote initiation; affects user input handling in the admin context; ...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 3:0 a.m.33 views

CVE-2026-5836 code-projects Online Shoe Store admin_product.php cross site scripting

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

4.8CVSS0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/09 2:45 a.m.35 views

CVE-2026-5835 code-projects Online Shoe Store admin_football.php cross site scripting

A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 2:45 a.m.2 views

CVE-2026-5835 code-projects Online Shoe Store admin_football.php cross site scripting

A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS4.4AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 2:45 a.m.11 views

CVE-2026-5835

CVE-2026-5835 affects code-projects Online Shoe Store 1.0. The vulnerability lies in the admin_football.php script, where manipulating the argument product_name can trigger cross-site scripting (XSS). Affected functionality is unspecified beyond /admin/admin_football.php. It can be exploited remo...

4.8CVSS4.4AI score0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:45 a.m.0 views

CVE-2026-5835

A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS4.4AI score0.00206EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:30 a.m.1 views

CVE-2026-5834

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

4.8CVSS4.6AI score0.00206EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 2:30 a.m.4 views

CVE-2026-5834 code-projects Online Shoe Store admin_running.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

4.8CVSS4.6AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 2:30 a.m.13 views

CVE-2026-5834

CVE-2026-5834 affects code-projects Online Shoe Store 1.0. The vulnerability resides in an unknown function inside /admin/admin_running.php, where manipulating the argument product_name enables cross-site scripting. The issue can be exploited remotely, and public exploit code is indicated in the ...

4.8CVSS4.6AI score0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:25 a.m.2 views

CVE-2026-3568

The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...

4.3CVSS6AI score0.00226EPSS
Exploits0References9
CVE
CVE
added 2026/04/09 2:25 a.m.9 views

CVE-2026-3574

CVE-2026-3574 concerns the Experto Dashboard for WooCommerce WordPress plugin (

4.4CVSS6AI score0.00207EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

phpBB 安全漏洞

phpBB is a set of web forum software developed by Ariefibis. Version 3.3.15 of phpBB has a security vulnerability; this vulnerability stems from the cross-site request forgery functionality in the administration control panel icons, which may allow for the execution of arbitrary code...

4.3CVSS5.9AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31704

OpenPLC V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator acces...

8.7CVSS5.9AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

PHPGurukul News Portal Project SQL注入漏洞

PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Username in the file admin/checkavailability.php, which may le...

5.8CVSS5.8AI score0.00202EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.2 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31766

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw versions prior to 2026.3.22 do not properly enforce operator.admin scope on mutating internal ACP chat commands, which allows unauthorized modifications. Attackers without admin...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.2 views

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

5.8AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Code-Projects Online Shoe Store 代码注入漏洞

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

4.8CVSS5.7AI score0.00206EPSS
Exploits0References5
Rows per page
Query Builder