Lucene search
K

1179 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-15493

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43215

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
CVE
CVE
added 2 days ago12 views

CVE-2026-15493

The CVE-2026-15493 entry concerns Akpali9 Attendance-Management-System. Vulnerability context: absent.php processing is affected, enabling cross-site scripting via manipulation of the export_date argument. Impact is stated as remote initiation with low to moderate risk indicators depending on the...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2 days ago8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
OSV
OSV
added 2 days ago3 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

5.3CVSS6.4AI score0.00192EPSS
Exploits0References7
CVE
CVE
added 2 days ago15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-55809

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

8.1CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55809 Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

0.00173EPSS
Exploits0References1
CVE
CVE
added 4 days ago19 views

CVE-2026-55809

The CVE-2026-55809 issue affects the Drupal Flag attendance field module, with vulnerable versions 0.0.0 through 1.2. The root cause is improper control of modification of dynamically-determined object attributes, with data stored as PHP-serialized strings. If malicious data is written to the fie...

8.1CVSS6.1AI score0.00173EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS0.00399EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS5.9AI score0.00399EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56994

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The EventSerializer could expose invited group names, sample invitees, and attendan...

5.3CVSS6.1AI score0.00399EPSS
Exploits0References12
OSV
OSV
added 2026/06/17 6:39 p.m.6 views

DRUPAL-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

8.1CVSS5.5AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00173EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 10:16 a.m.12 views

CVE-2026-52712

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.16 views

CVE-2026-52712

CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...

7.6CVSS5.7AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.9 views

EUVD-2026-37049

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS5.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.27 views

CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/13 11:16 p.m.21 views

CVE-2026-12175

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS0.00214EPSS
Exploits0References6
Rows per page
Query Builder