Lucene search
K

1351 matches found

The Hacker News
The Hacker News
added 2026/07/06 10:58 a.m.16 views

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...

6.2AI score
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40417

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.7AI score0.00374EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 10:16 p.m.8 views

CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS0.00374EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 9:6 p.m.7 views

CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.8AI score0.00374EPSS
Exploits0
OSV
OSV
added 2026/06/30 9:6 p.m.4 views

CVE-2026-52868 OFFIS DCMTK Toolkit Path Traversal

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.8AI score0.00374EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 9:6 p.m.29 views

CVE-2026-52868

The CVE-2026-52868 issue is a path traversal vulnerability in the OFFIS DCMTK Toolkit where an unauthenticated attacker can read worklist records stored outside the intended per-AE area, potentially crossing department/clinic data boundaries in multi-area deployments. Connected sources confirm th...

8.8CVSS5.7AI score0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53994

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can perform a directory traversal to read worklist records from a directory outside the intended per-AE worklist storage area. In...

8.8CVSS5.8AI score0.00374EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 6:16 a.m.7 views

CVE-2026-13532

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 4:16 a.m.7 views

CVE-2026-13531

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public a...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:45 a.m.8 views

CVE-2026-13532

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 3:45 a.m.8 views

EUVD-2026-40029

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 3:45 a.m.15 views

CVE-2026-13532

The CVE-2026-13532 entry concerns itsourcecode Hospital Management System 1.0. Affected component: /departmentDoctor.php; vulnerable parameter: deptid, enabling SQL injection remotely. Exploit appears publicly available. No remediation details are provided in the supplied documents.

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:30 a.m.7 views

CVE-2026-13531

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public a...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 3:30 a.m.9 views

EUVD-2026-40028

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public a...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 3:30 a.m.14 views

CVE-2026-13531

CVE-2026-13531 concerns itsourcecode Hospital Management System 1.0. Affected is an unknown function in the file /department.php where manipulation of the argument editid leads to a SQL injection. The vulnerability can be exploited remotely, and the exploit has been released publicly. Public expl...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-11334

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

7.5CVSS5.5AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.13 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

2.7CVSS5.7AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44633

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS5.6AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder