Lucene search
+L

1181 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-15493

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS0.00191EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43215

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
CVE
CVE
added 5 days ago13 views

CVE-2026-15493

The CVE-2026-15493 entry concerns Akpali9 Attendance-Management-System. Vulnerability context: absent.php processing is affected, enabling cross-site scripting via manipulation of the export_date argument. Impact is stated as remote initiation with low to moderate risk indicators depending on the...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
OSV
OSV
added 5 days ago5 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

5.3CVSS6.4AI score0.00192EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 10:16 p.m.6 views

CVE-2026-55809

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

8.1CVSS0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.31 views

CVE-2026-55809 Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.21 views

CVE-2026-55809

The CVE-2026-55809 issue affects the Drupal Flag attendance field module, with vulnerable versions 0.0.0 through 1.2. The root cause is improper control of modification of dynamically-determined object attributes, with data stored as PHP-serialized strings. If malicious data is written to the fie...

8.1CVSS6.1AI score0.00307EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/09 10:17 p.m.6 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS0.00364EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:8 p.m.8 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS5.9AI score0.00364EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/07/09 10:8 p.m.4 views

CVE-2026-45780 Discourse: Private event sample invitees are serialized to non-invited event viewers

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS6.1AI score0.00364EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56994

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The EventSerializer could expose invited group names, sample invitees, and attendan...

5.3CVSS6.1AI score0.00364EPSS
Exploits0References17
OSV
OSV
added 2026/06/17 6:39 p.m.7 views

DRUPAL-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

8.1CVSS5.5AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00307EPSS
Exploits0References3
Drupal
Drupal
added 2026/06/17 12:0 a.m.11 views

Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

8.1CVSS5.4AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 10:16 a.m.13 views

CVE-2026-52712

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.9 views

EUVD-2026-37049

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

7.6CVSS5.8AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.17 views

CVE-2026-52712

CVE-2026-52712 affects the WordPress Attendance Manager plugin version <= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...

7.6CVSS5.7AI score0.00235EPSS
Exploits0References1
Rows per page
Query Builder