Lucene search
K

87065 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.9 views

PT-2026-35950

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the post author display logic. A registered user can persist arbitrary HTML in the account name field, which is then rendered unescaped in public forum threads, the...

5.4CVSS5.8AI score0.00177EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.5 views

PT-2026-35959

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save menu of the file /admin/admin class novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS4.8AI score0.00268EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-37144

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description A logic error in the two-factor authentication 2FA reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password TOTP configuration of other...

7.1CVSS5.8AI score0.00297EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.7 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...

5.8CVSS5.8AI score0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.13 views

EyouCMS 注入漏洞

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the editFile function in the file...

5.8CVSS5.9AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function saveSettings within the file...

5.8CVSS5.8AI score0.00253EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.66 views

📄 Coaching Management System 1.0 Cross Site Scripting

Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Stored Cross-Site Scripting XSS in Coaching Management System Leads to Account Takeover --- Product Coaching Management System in PHP Code-Projects.org...

5.1CVSS4.3AI score0.00232EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.15 views

PT-2026-37146

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An issue exists where the Role::stopMembership function fails to verify if removing a user from the administrator role leaves the system with zero administrators. While the deprecated...

5.2CVSS5.8AI score0.00285EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.85 views

JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution

Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution Date: 2026-01-10 Exploit Author: Sardor Shoakbarov Author GitHub: https://github.com/TheDeepOpc Vendor Homepage: https://juzaweb.com/ Software Link: https://github.com/juzaweb/ CVE: N/A Pending import requests import argparse...

5.3AI score
Exploits0
NVD
NVD
added 2026/04/28 7:37 p.m.4 views

CVE-2026-41375

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS0.00331EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:37 p.m.4 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

7.1CVSS0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:45 p.m.4 views

CVE-2026-7297

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

4.8CVSS3AI score0.00202EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/28 6:45 p.m.13 views

CVE-2026-7297

SourceCodester Pizzafy Ecommerce System 1.0 contains a cross-site scripting flaw in the save_user function at /admin/ajax.php?action=save_user. Manipulating the Name argument can trigger XSS; the attack can be executed remotely and exploit information is publicly disclosed. The connected document...

4.8CVSS3.2AI score0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 6:30 p.m.5 views

EUVD-2026-26146

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.5AI score0.00202EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 6:30 p.m.5 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.4AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 6:30 p.m.33 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS0.00202EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:15 p.m.3 views

CVE-2026-7295

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

4.8CVSS3.1AI score0.00206EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/28 6:15 p.m.15 views

CVE-2026-7295

CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...

4.8CVSS3.3AI score0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.3 views

CVE-2026-42432 OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.2 views

CVE-2026-41404

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

8.8CVSS5.3AI score0.0034EPSS
Exploits0References4
Rows per page
Query Builder