Lucene search
+L

546 matches found

OSV
OSV
added 2026/02/08 11:15 a.m.5 views

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS4.3AI score0.00352EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/08 11:2 a.m.8 views

EUVD-2026-5800

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

6.1CVSS3.8AI score0.00352EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/08 11:2 a.m.40 views

CVE-2026-2149 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System appointments.php cross site scripting

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

5.3CVSS0.00352EPSS
Exploits1References4
CVE
CVE
added 2026/02/08 11:2 a.m.19 views

CVE-2026-2149

CVE-2026-2149 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the patient_id argument in /appointments.php, enabling remote exploitation. Public exploits exist per the reported e...

6.1CVSS3.9AI score0.00352EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.8 views

SourceCodester Patients Waiting Area Queue Management System 代码注入漏洞

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

6.1CVSS5.7AI score0.00352EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.10 views

PT-2026-6976

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 related to cross site scripting. The iss...

5.3CVSS4AI score0.00352EPSS
Exploits1References6
NVD
NVD
added 2026/01/22 5:16 p.m.5 views

CVE-2025-69315

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.15...

6.5CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.4 views

CVE-2025-69315 WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.15...

6.5CVSS5.9AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.14 views

CVE-2025-69315

CVE-2025-69315 concerns the WordPress plugin Simply Schedule Appointments (versions up to and including 1.6.9.15). The issue is described as a Missing Authorization / Broken Access Control vulnerability that allows exploitation of misconfigured access control security levels. Public reports (Word...

6.5CVSS5.4AI score0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.2 views

CVE-2025-69315

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.15...

6.5CVSS5.2AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.20 views

CVE-2025-69315 WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.15...

6.5CVSS0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

WordPress plugin Simply Schedule Appointments has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 10:32 p.m.4 views

CVE-2025-12166

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

7.5CVSS6.8AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 8:16 p.m.7 views

CVE-2026-23622

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.8CVSS0.00203EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/15 7:28 p.m.6 views

EUVD-2026-2736

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.7CVSS6.2AI score0.00203EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/15 7:28 p.m.26 views

CVE-2026-23622 CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.7CVSS0.00203EPSS
Exploits1References1
CVE
CVE
added 2026/01/15 7:28 p.m.34 views

CVE-2026-23622

CVE-2026-23622 involves a CSRF protection bypass in Easy!Appointments (versions ≤ 1.5.2) where application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests. As a result, state-changing endpoints that accept GET/$_REQUEST parameters—such as /admins/store, /admins/update, an...

8.8CVSS6.4AI score0.00203EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/15 7:28 p.m.6 views

CVE-2026-23622 CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.7CVSS6.7AI score0.00203EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/01/15 7:4 a.m.9 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability

Unauthenticated SQL Injection via order and appendwheresql Parameters vulnerability discovered by shark3y in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.9...

7.5CVSS8.1AI score0.00289EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

Easy!Appointments has a security vulnerability.

Easy!Appointments is a web-based appointment and calendar management system developed by Alex Tselegidis. Versions of Easy!Appointments prior to 1.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF protection for only POST requests, which could allow for...

8.8CVSS5.8AI score0.00203EPSS
Exploits1References1
Rows per page
Query Builder