11198 matches found
CVE-2026-5138
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
CVE-2026-57995 phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...
EUVD-2026-40376
The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' and 'url' author metadata. This is due to insufficient input sanitization and output escaping on user-supplied MF2 author properties processed by the...
kernel: net/sched: act_pedit: extend the writable skb range per key
A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...
PT-2026-53940
Name of the Vulnerable Software and Affected Versions Webmention versions prior to 5.8.1 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping of user-supplied Microformat 2 MF2 author properties. An unauthenticated attacker can inject arbitrary...
kernel: net/sched: act_pedit: extend the writable skb range per key
A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...
CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules
SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...
CVE-2026-13565
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
EUVD-2026-40076
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
CVE-2026-13565
The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...
CVE-2026-13556
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...
CVE-2026-13552
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...
CVE-2026-13556 itsourcecode Online Hotel Management System POST Request controller.php edit cross site scripting
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...
CVE-2026-13551
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...
EUVD-2026-40063
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...
CVE-2026-13552
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...
CVE-2026-13552 itsourcecode Online Hotel Management System controller.php edit sql injection
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...
EUVD-2026-40057
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...
CVE-2026-13551
CVE-2026-13551 affects itsourcecode Baptism Information Management System 1.0. The vulnerability is an SQL injection in the /editBaptism.php handler caused by manipulation of the ID parameter. It is exploitable remotely (no authentication required per the description) with the exploit publicly di...
EUVD-2026-40023
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...