Lucene search
K

160 matches found

NVD
NVD
added 2026/06/29 10:16 a.m.7 views

CVE-2026-13556

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS0.00443EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 10:16 a.m.9 views

CVE-2026-13552

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 9:45 a.m.37 views

CVE-2026-13556 itsourcecode Online Hotel Management System POST Request controller.php edit cross site scripting

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS0.00443EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/06/19 12:0 a.m.9 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kerne...

9.8CVSS6.4AI score0.00353EPSS
Exploits11References18
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11584

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:30 p.m.11 views

CVE-2026-11584

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47445

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

CodeAstro Student Attendance Management System 注入漏洞

The CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.19 views

CVE-2026-40544

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

5.1CVSS0.00295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.6 views

CVE-2018-18802

The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/modusers/controller.php?action=edit...

8.8CVSS7AI score0.00877EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.8 views

CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin=2=edit...

8.8CVSS7.9AI score0.00955EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/29 1:32 a.m.4 views

CVE-2025-15166 itsourcecode Online Cake Ordering System updatesupplier.php sql injection

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...

7.5CVSS7.2AI score0.00326EPSS
Exploits1References5
OSV
OSV
added 2025/12/29 1:15 a.m.7 views

CVE-2025-15165

A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

9.8CVSS5.7AI score0.00326EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.16 views

PT-2025-53681

Name of the Vulnerable Software and Affected Versions itsourcecode Online Cake Ordering System version 1.0 Description A SQL injection issue exists in itsourcecode Online Cake Ordering System version 1.0. The issue is located in an unknown function within the /updatesupplier.php?action=edit file...

9.8CVSS7.5AI score0.00326EPSS
Exploits1References13
Cvelist
Cvelist
added 2025/12/14 9:2 a.m.26 views

CVE-2025-14652 itsourcecode Online Cake Ordering System admindetail.php sql injection

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

7.5CVSS0.00339EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/16 8:33 a.m.6 views

CVE-2025-10743

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS6.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 9:15 a.m.7 views

CVE-2025-10743

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/15 8:25 a.m.8 views

CVE-2025-10743 Outdoor <= 1.3.2 - Unauthenticated SQL Injection

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS0.0035EPSS
Exploits0References3
CVE
CVE
added 2025/10/15 8:25 a.m.21 views

CVE-2025-10743

CVE-2025-10743 : The WordPress Outdoor plugin (up to version 1.3.2) contains an unauthenticated SQL injection via the edit action due to insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Multiple sources confirm this vulnerability affects all versio...

7.5CVSS6.4AI score0.0035EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/15 8:25 a.m.2 views

CVE-2025-10743 Outdoor <= 1.3.2 - Unauthenticated SQL Injection

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS6.4AI score0.0035EPSS
Exploits0References3
Rows per page
Query Builder