Lucene search
+L

1115 matches found

Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-13578

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 2:30 p.m.9 views

EUVD-2026-40120

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 2:30 p.m.40 views

CVE-2026-13578 itsourcecode Hospital Management System patientdetail.php sql injection

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 4:16 a.m.8 views

CVE-2026-13530

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 3:15 a.m.43 views

CVE-2026-13530 itsourcecode Hospital Management System Appointment appointmentdetail.php sql injection

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 3:15 a.m.8 views

EUVD-2026-40027

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 3:15 a.m.29 views

CVE-2026-13530

The vulnerability CVE-2026-13530 affects itsourcecode Hospital Management System 1.0, specifically the Appointment Handler component through the file /appointmentdetail.php. The issue arises from manipulating the argument editid, leading to an SQL injection. Evidence indicates the attack can be c...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53200

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description An issue exists in the Appointment Handler component within the /appointmentdetail.php endpoint. Remote manipulation of the editid argument allows for SQL injection, a technique...

6.5CVSS6.6AI score0.002EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52982

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.5 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.8AI score0.00196EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 12:0 a.m.4 views

CVE-2026-50766

A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...

5.4CVSS5.9AI score0.00196EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 12:0 a.m.12 views

CVE-2026-50766

CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:6 p.m.6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-11943

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:30 p.m.35 views

CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS0.00261EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 9:16 a.m.14 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 7:45 a.m.38 views

CVE-2026-12788 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:45 a.m.11 views

EUVD-2026-38152

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS6.2AI score0.00237EPSS
Exploits0References5
Rows per page
Query Builder