Lucene search
K

1970 matches found

NVD
NVD
added yesterday5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-15070

The CVE covers the WordPress plugin “Salon Booking System – Free Version.” All versions up to and including 10.30.32 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in setCustomText, allowing unauthenticated attackers to inject PHP into translate-constants.p...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
Patchstack
Patchstack
added 2 days ago5 views

WordPress Salon Booking System – Free Version plugin <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Afifudin Maarif in WordPress Plugin Salon booking system versions = 10.30.32...

8.8CVSS6.1AI score0.00259EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 7:16 a.m.7 views

CVE-2026-11887

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...

4.3CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.41 views

CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...

0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.18 views

CVE-2026-11887

The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37604

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS5.2AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-40768

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.16 views

CVE-2026-40768

The CVE covers WordPress Salon booking system plugin versions

7.3CVSS5.2AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-42666

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS5.1AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.15 views

CVE-2026-42666

The WordPress Salon Booking System plugin versions

7.5CVSS5.1AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36831

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS5.1AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49457

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

7.5CVSS5.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:30 a.m.40 views

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS0.00275EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 4:30 a.m.16 views

EUVD-2026-35019

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:30 a.m.7 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47250

Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...

7.5CVSS7.4AI score0.00275EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Code-Projects Simple Flight Ticket Booking System 注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6492

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure...

6.9CVSS5.6AI score0.00384EPSS
Exploits0References1
Rows per page
Query Builder