1970 matches found
CVE-2026-15070
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...
CVE-2026-15070
The CVE covers the WordPress plugin “Salon Booking System – Free Version.” All versions up to and including 10.30.32 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in setCustomText, allowing unauthenticated attackers to inject PHP into translate-constants.p...
WordPress Salon Booking System – Free Version plugin <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Afifudin Maarif in WordPress Plugin Salon booking system versions = 10.30.32...
CVE-2026-11887
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...
CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...
CVE-2026-11887
The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...
EUVD-2026-37604
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
CVE-2026-40768
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
CVE-2026-40768
The CVE covers WordPress Salon booking system plugin versions
CVE-2026-42666
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
CVE-2026-42666
The WordPress Salon Booking System plugin versions
EUVD-2026-36831
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
PT-2026-49457
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
EUVD-2026-35019
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
CVE-2026-11488
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
PT-2026-47250
Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...
Code-Projects Simple Flight Ticket Booking System 注入漏洞
Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...
CVE-2026-6492
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...