CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

ATTACKERKB•added 2026/05/26 10:0 p.m.•11 views

CVE-2026-9603

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

6.9CVSS6.3AI score0.00059EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/26 10:0 p.m.•9 views

EUVD-2026-32018

6.9CVSS6.3AI score0.00059EPSS

Exploits0References6

Cvelist•added 2026/05/26 10:0 p.m.•24 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

6.9CVSS0.00059EPSS

Exploits0References6

Vulnrichment•added 2026/05/26 10:0 p.m.•6 views

CVE-2026-9603 SourceCodester eDoc Doctor Appointment System delete-session.php authorization

6.9CVSS6.3AI score0.00059EPSS

Exploits0References6

RedhatCVE•added 2025/12/12 1:6 a.m.•2 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS6.3AI score0.00127EPSS

Exploits1References1

OSV•added 2025/12/11 6:16 p.m.•2 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS5.8AI score0.00127EPSS

Exploits1References2

NVD•added 2025/12/11 6:16 p.m.•4 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS0.00127EPSS

Exploits1References2

CNNVD•added 2025/12/11 12:0 a.m.•2 views

Edoc-doctor-appointment-system 安全漏洞

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version 1.0.1, which stems from an unfiltered title parameter in admin/add-session.php, which could lead to a cross-site...

8.8CVSS6.1AI score0.00127EPSS

Exploits1References2

CVE•added 2025/12/11 12:0 a.m.•7 views

CVE-2025-66918

The CVE-2025-66918 entry concerns edoc-doctor-appointment-system v1.0.1 with a Cross Site Scripting (XSS) flaw in admin/add-session.php via the title parameter. The vulnerability is triggered by unsanitized user input in the title field, enabling script injection. Documents consistently describe ...

8.8CVSS5.8AI score0.00127EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/12/11 12:0 a.m.•2 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

5.8AI score0.00127EPSS

Exploits1References2

Cvelist•added 2025/12/11 12:0 a.m.•25 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

0.00127EPSS

Exploits1References2

EUVD•added 2025/12/11 12:0 a.m.•2 views

EUVD-2025-202753

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting XSS in admin/add-session.php via the "title" parameter...

8.8CVSS5.7AI score0.00127EPSS

Exploits1References3

EUVD•added 2025/12/02 6:30 p.m.•2 views

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

7.2AI score0.00052EPSS

Exploits1References3

OSV•added 2025/12/02 5:16 p.m.•1 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

9.8CVSS5.8AI score0.00052EPSS

Exploits1References2

Cvelist•added 2025/12/02 12:0 a.m.•5 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

0.00052EPSS

Exploits1References2

Vulnrichment•added 2025/12/02 12:0 a.m.•3 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

7.3AI score0.00052EPSS

Exploits1References2

CVE•added 2025/12/02 12:0 a.m.•6 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 contains an SQL injection via the docid parameter in /admin/appointment.php. The root cause is unsanitized user input enabling attackers to manipulate queries, resulting in a CRITICAL impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented in multi...

9.8CVSS7.3AI score0.00052EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-39251

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00264EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-39249

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00328EPSS

Exploits0References2