Lucene search
K

8 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40063

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 7:59 p.m.32 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.6 views

CVE-2018-18802

The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...

8.8CVSS7AI score0.00877EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/28 12:0 a.m.4 views

EUVD-2025-199868

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS6.5AI score0.00368EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/28 12:0 a.m.8 views

CVE-2025-66385

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges e.g., obtain a higher role such as admin via the user-edit endpoint by supplying or modifying roleid or organisationid fields in the edit request...

9.4CVSS0.00368EPSS
Exploits0References3
OSV
OSV
added 2022/08/05 9:15 p.m.5 views

CVE-2022-35163

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the UNAME parameter at /category/controller.php?action=edit...

4.8CVSS5.7AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2019/06/18 4:15 p.m.3 views

CVE-2018-18802

The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...

8.8CVSS5.8AI score0.00877EPSS
Exploits1References2
OSV
OSV
added 2018/11/16 6:29 p.m.4 views

CVE-2018-18794

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit...

8.8CVSS5.8AI score0.02385EPSS
Exploits5References2
Rows per page
Query Builder