CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

9.8CVSS5.6AI score0.0004EPSS

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

RedhatCVE•added yesterday•3 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS5.6AI score0.00033EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS5.5AI score0.00027EPSS

7.5CVSS7AI score0.00037EPSS

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

6.3CVSS5.5AI score0.00046EPSS

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

Chainguard•added yesterday•5 views

CVE-2026-9943 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS5.4AI score0.00029EPSS

Exploits0

8.8CVSS5.6AI score0.00058EPSS

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

Vulnrichment•added 4 days ago•5 views

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00034EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00049EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•7 views

CVE-2026-46764

5.8AI score0.00049EPSS

Exploits0References3

CVE•added 5 days ago•11 views

CVE-2026-10209

CVE-2026-10209 relates to code-projects Online Hospital Management System 1.0. The vulnerability affects the Appointment Handler’s appointmentdetail.php—specifically the unknown function handling the editid parameter. Exploiting the manipulated editid enables SQL injection that can be executed re...

EUVD•added 5 days ago•8 views

EUVD-2026-33530

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

ATTACKERKB•added 5 days ago•6 views

CVE-2026-10209

Exploits0References6Affected Software1

Vulnrichment•added 5 days ago•5 views

CVE-2026-10209 code-projects Online Hospital Management System Appointment appointmentdetail.php sql injection

CNNVD•added 5 days ago•4 views

Code-Projects Online Hospital Management System SQL Injection Vulnerability

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the editid...

6.5CVSS6.7AI score0.00033EPSS

Positive Technologies•added 5 days ago•7 views

PT-2026-45241

NVD•added 2026/05/29 7:16 p.m.•8 views

Exploits0References7

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS0.00032EPSS

Exploits0References2

Vulnrichment•added 2026/05/29 6:3 p.m.•4 views

CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components

8.1CVSS5.8AI score0.00032EPSS

Exploits0References2

EUVD•added 2026/05/29 12:44 p.m.•11 views

EUVD-2026-33298

8.5CVSS5.8AI score0.00058EPSS