CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 6 days ago•9 views

PT-2026-46959

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard page/forms/upload student data.php of the component Student Data...

6.5CVSS6.2AI score0.00043EPSS

Exploits0References7

ATTACKERKB•added 2026/06/04 1:22 p.m.•4 views

CVE-2019-25727

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

9.8CVSS5.9AI score0.00167EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/06/04 1:22 p.m.•32 views

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

9.8CVSS0.00167EPSS

NVD•added 2026/06/04 12:16 p.m.•7 views

CVE-2025-52612

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

8.8CVSS0.00043EPSS

Exploits0References1

CVE•added 2026/06/04 11:40 a.m.•8 views

CVE-2025-52612

CVE-2025-52612 affects HCL iControl. The vulnerability is described as a CSV export injection that enables reflected cross-site scripting due to insufficient input parameter sanitization. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) indicates high impact across confidentiality, integ...

8.8CVSS5.6AI score0.00043EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46187

7.1CVSS5.6AI score0.00043EPSS

NVD•added 2026/06/01 11:16 a.m.•10 views

CVE-2026-10248

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function createsupplier of the file /Exportcsv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

5.8CVSS0.00067EPSS

Cvelist•added 2026/06/01 10:15 a.m.•28 views

CVE-2026-10248 SourceCodester Pharmacy Sales and Inventory System Supplier Creation export create_supplier csv injection

5.8CVSS0.00067EPSS

CVE•added 2026/06/01 10:15 a.m.•11 views

CVE-2026-10248

CVE-2026-10248 affects SourceCodester Pharmacy Sales and Inventory System (up to 1.0). The vulnerability resides in the function create_supplier, within the /Export_csv/export component of the Supplier Creation Interface, where manipulating the Address/Company Name argument enables CSV injection....

5.8CVSS5.5AI score0.00067EPSS

NVD•added 2026/06/01 9:16 a.m.•11 views

CVE-2026-40548

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS0.00051EPSS

ATTACKERKB•added 2026/06/01 9:3 a.m.•6 views

CVE-2026-40544

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

Vulnrichment•added 2026/06/01 9:3 a.m.•8 views

CVE-2026-40544 Stored XSS in SOPlanning

CVE•added 2026/06/01 9:3 a.m.•15 views

CVE-2026-40544

SOPlanning is affected by a Stored XSS in the backup feature. An authenticated attacker with backup access can upload a crafted ZIP containing a malicious user.csv; the injected script executes in victims’ browsers when they click Edit on the malicious backup. Affected: SOPlanning v1.55 and earli...

ATTACKERKB•added 2026/06/01 9:3 a.m.•7 views

CVE-2026-40543

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.8AI score0.00088EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•8 views

PT-2026-45357

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/upload backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

Positive Technologies•added 2026/06/01 12:0 a.m.•9 views

PT-2026-45394

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create supplier of the file /Export csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

5.8CVSS5.5AI score0.00067EPSS

Exploits0References7

Positive Technologies•added 2026/06/01 12:0 a.m.•6 views

PT-2026-45361

6.4CVSS5.8AI score0.00051EPSS

CNNVD•added 2026/06/01 12:0 a.m.•5 views

SOPlanning code-related vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...

8.8CVSS5.9AI score0.00088EPSS