Lucene search
K

221 matches found

NVD
NVD
added yesterday3 views

CVE-2026-15700

A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal. The attack can be executed remotely...

5.8CVSS
Exploits0References5
CVE
CVE
added 2026/07/04 6:45 p.m.18 views

CVE-2026-14642

SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection in the /edit_class2.php endpoint caused by unsafely manipulated ID parameter. The vulnerability is remote and publicly exploitable (PoC). CVSS data from multiple sources indicate a NETWORK attack with low complexity and...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 12:0 p.m.9 views

EUVD-2026-40076

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 12:0 p.m.11 views

CVE-2026-13565

The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 2:15 a.m.9 views

EUVD-2026-40023

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 7:15 p.m.19 views

CVE-2026-11583

The CVE-2026-11583 entry concerns CodeAstro Student Attendance Management System 1.0. Affected component: /attendance-php/Admin/createClass.php; the vulnerability arises from manipulating the argument className, resulting in SQL injection. The issue is exploitable remotely, and the exploit has be...

6.5CVSS5.4AI score0.00204EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-32861

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

8.5CVSS7.6AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.18 views

CVE-2026-37712

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, calluserfuncarray in function job type...

7.3CVSS0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44000

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...

6.2AI score0.00384EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.52 views

CVE-2026-37713

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...

0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 5:44 a.m.5 views

BIT-JRE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References25
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37959

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6AI score0.17673EPSS
Exploits2References26
ATTACKERKB
ATTACKERKB
added 2026/05/03 9:15 a.m.5 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.20 views

PT-2026-36692

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 12:15 p.m.32 views

CVE-2026-6572 Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remot...

6.3CVSS0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/19 12:0 a.m.11 views

kodcloud KodExplorer 安全漏洞

KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions of KodCloud KodExplorer 4.52 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper authorization during the handling of the fileUpload parameter in...

6.3CVSS6.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 7:46 p.m.23 views

CVE-2026-32861 Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

8.5CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 1:2 a.m.4 views

EUVD-2026-16076

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 1:2 a.m.3 views

CVE-2026-4831 kalcaddle kodbox Password-protected Share auth.class.php can improper authentication

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 1:2 a.m.11 views

CVE-2026-4831

CVE-2026-4831 affects kalcaddle kodbox 1.64. The vulnerability is described as an improper authentication in the Password-protected Share Handler, specifically in the file /workspace/source-code/app/controller/explorer/auth.class.php. The issue can be exploited remotely; attack complexity is high...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
Rows per page
Query Builder