Lucene search
K

87068 matches found

Exploit DB
Exploit DB
added 2026/04/09 12:0 a.m.74 views

RomM 4.4.0 - XSS_CSRF Chain

Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3. Replace below with your token 4. Replace with the target RomM instance URL e.g., http://romm.local 5. Save this file as avatar.html 6. Upload it as your profile avatar...

7.6CVSS5.9AI score0.00273EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31573

Name of the Vulnerable Software and Affected Versions code-projects Online Shoe Store version 1.0 Description A cross-site scripting issue exists due to manipulation of the product name argument in an unknown function within the /admin/admin running.php file. This allows for remote attacks...

4.8CVSS5.6AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31582

Name of the Vulnerable Software and Affected Versions PHPGurukul News Portal Project version 4.1 Description A security flaw exists in PHPGurukul News Portal Project 4.1. Manipulation of the Username argument in the /admin/check availability.php file can lead to SQL injection. Remote exploitation...

5.8CVSS5.9AI score0.00202EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/09 12:0 a.m.21 views

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

0.00148EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

PHPGurukul Online Course Registration SQL注入漏洞

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

6.2AI score0.00148EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of the operator.admin scope for mutated internal ACP chat commands, which could...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31575

Name of the Vulnerable Software and Affected Versions Online Shoe Store version 1.0 Description A cross site scripting issue exists due to the manipulation of the product name argument in the file '/admin/admin product.php'. The attack can be initiated remotely and the exploit has been publicly...

4.8CVSS4.8AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31809

Name of the Vulnerable Software and Affected Versions Dockyard versions prior to 1.1.0 Description Dockyard is a Docker container management app. Prior to version 1.1.0, Docker container start and stop operations are performed through GET requests without Cross-Site Request Forgery CSRF protectio...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/08 11:30 p.m.3 views

SUSE CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.4CVSS5.8AI score0.00458EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/08 11:30 p.m.2 views

SUSE CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 11:0 p.m.0 views

CVE-2026-5814

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 11:0 p.m.4 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 11:0 p.m.33 views

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/08 7:57 p.m.3 views

CVE-2026-39335

ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...

6.1CVSS5.9AI score0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.3 views

CVE-2026-35573

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

9.1CVSS6.6AI score0.00765EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.3 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS6.1AI score0.00815EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/08 7:15 p.m.9 views

EUVD-2026-20485

CI4MS has stored XSS in Pages Content Due to Missing htmlpurify Sanitization...

5.5CVSS5.9AI score0.00247EPSS
Exploits1References3
OSV
OSV
added 2026/04/08 7:15 p.m.10 views

GHSA-FJPJ-6QCQ-6PW2 CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

5.5CVSS5.9AI score0.00247EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 7:15 p.m.4 views

EUVD-2026-20484

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...

4.8CVSS5.9AI score0.0023EPSS
Exploits1References3
Rows per page
Query Builder