Lucene search
K

87137 matches found

CVE
CVE
added 2026/04/06 8:45 a.m.7 views

CVE-2026-5639

PHPGurukul Online Shopping Portal Project 2.1 has a SQL injection flaw in the Parameter Handler’s /admin/update-image3.php. The vulnerability arises from manipulating the filename argument, enabling remote exploitation. Exploit published; CVSS notes range from 4.0 to 3.0 scales with PROOF-OF-CONC...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/06 8:15 a.m.27 views

CVE-2026-5637 projectworlds Car Rental System Parameter message_admin.php sql injection

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /messageadmin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The...

7.5CVSS0.00259EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/06 2:26 a.m.6 views

kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()

A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...

7.8CVSS5.9AI score0.00812EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/06 2:1 a.m.5 views

kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()

A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...

7.8CVSS5.9AI score0.00812EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30590

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...

4.8CVSS5.7AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30713

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize settings nativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30628

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...

5.4CVSS6AI score0.00254EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30627

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30597

A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin feature.php of the component Add Product Page. The manipulation of the argument product name results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS4.4AI score0.00206EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.6 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Code-Projects Online Shoe Store 代码注入漏洞

Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...

4.8CVSS5.7AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforceable administrator role authorization for the...

8.8CVSS6.1AI score0.26409EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30714

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30587

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.6 views

Car Rental System SQL注入漏洞

Car Rental System is a car rental system developed by AMEY THAKUR, an individual developer in India. Version 1.0 of Car Rental System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Message” in the file /messageadmin.php, which may lead to SQ...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30593

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $ SERVER'PHP SELF' leads to cros...

4.8CVSS4.3AI score0.00206EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2026/04/06 12:0 a.m.137 views

WordPress Madara - Local File Inclusion

Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Tested on: OS / PHP / WordPress versions used in testing — e.g., Ubuntu 22.04, PHP 8.1, WP 6.4 CVE:...

9.8CVSS7.2AI score0.09094EPSS
Exploits5
Rows per page
Query Builder