CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•9 views

CVE-2026-11513

The vulnerability CVE-2026-11513 affects itsourcecode Hospital Management System 1.0. The issue is an SQL injection in an unknown function of /adminaccount.php triggered by manipulating the Date argument. It can be exploited remotely and an exploit is public. CVSS data is provided (v3.1/3.0/2.0 v...

6.5CVSS6.5AI score0.00033EPSS

EUVD•added 4 days ago•5 views

EUVD-2026-35055

6.5CVSS6.6AI score0.00033EPSS

ATTACKERKB•added 4 days ago•3 views

CVE-2026-11513

6.5CVSS6.5AI score0.00033EPSS

Exploits0References6Affected Software1

Cvelist•added 4 days ago•36 views

CVE-2026-11513 itsourcecode Hospital Management System adminaccount.php sql injection

6.5CVSS0.00033EPSS

Positive Technologies•added 4 days ago•7 views

PT-2026-47280

6.5CVSS6.5AI score0.00033EPSS

Exploits0References7

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-44884

A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get ups field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded b...

9CVSS6.2AI score0.00046EPSS

Exploits0References5

RedhatCVE•added 2026/05/24 2:12 a.m.•11 views

CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

6.1CVSS5.9AI score0.00095EPSS

Exploits0References1

EUVD•added 2026/04/17 6:31 a.m.•1 views

EUVD-2026-23364

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb-prepare. This makes it possible for authenticat...

NVD•added 2026/04/17 5:16 a.m.•2 views

Exploits0References9

CVE-2026-6080

6.5CVSS0.00018EPSS

CVE•added 2026/04/17 3:36 a.m.•16 views

CVE-2026-6080

The CVE describes a SQL Injection in the WordPress Tutor LMS plugin (versions ≤ 3.9.8). Root cause: insufficient escaping on the 'date' parameter and direct interpolation into a SQL fragment before $wpdb->prepare(), enabling authenticated Admin+ attackers to append extra SQL queries and extrac...

ATTACKERKB•added 2026/04/17 3:36 a.m.•3 views

CVE-2026-6080

Cvelist•added 2026/04/17 3:36 a.m.•28 views

Exploits0References9

CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

6.5CVSS0.00018EPSS

Vulnrichment•added 2026/04/17 3:36 a.m.•2 views

CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter

6.5CVSS5.8AI score0.00018EPSS

Patchstack•added 2026/04/17 2:6 a.m.•4 views

WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability

Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions = 3.9.8...

6.5CVSS6AI score0.00018EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/17 12:0 a.m.•5 views

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Positive Technologies•added 2026/04/17 12:0 a.m.•1 views

Exploits0References2

PT-2026-33407