1115 matches found
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-13578
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...
EUVD-2026-40120
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...
CVE-2026-13578 itsourcecode Hospital Management System patientdetail.php sql injection
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...
CVE-2026-13530
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
CVE-2026-13530 itsourcecode Hospital Management System Appointment appointmentdetail.php sql injection
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
EUVD-2026-40027
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
CVE-2026-13530
The vulnerability CVE-2026-13530 affects itsourcecode Hospital Management System 1.0, specifically the Appointment Handler component through the file /appointmentdetail.php. The issue arises from manipulating the argument editid, leading to an SQL injection. Evidence indicates the attack can be c...
PT-2026-53200
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description An issue exists in the Appointment Handler component within the /appointmentdetail.php endpoint. Remote manipulation of the editid argument allows for SQL injection, a technique...
PT-2026-52982
Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...
CVE-2026-50766
A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...
CVE-2026-50766
A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...
CVE-2026-50766
A stored cross-site scripting XSS vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edititems permission to inject arbitrary web scripts via the item public notes field items.itemnotes...
CVE-2026-50766
CVE-2026-50766 is a stored XSS vulnerability in the Koha Library Management System (OPAC item detail page) up to version 25.11. An authenticated user with the ability to edit items can inject arbitrary web scripts via the item public notes field (items.itemnotes). The connected documents confirm ...
CVE-2026-52795
Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...
CVE-2026-11943
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...
CVE-2026-11943 Akaunting 3.1.21 - Authenticated stored XSS in document timeline
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...
CVE-2026-12788
A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...
CVE-2026-12788 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 XML Parser import xml external entity reference
A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...
EUVD-2026-38152
A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...