CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 days ago•5 views

EUVD-2026-36747

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

5.5AI score0.00511EPSS

NVD•added 2026/06/09 1:16 a.m.•7 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS

OSV•added 2026/06/09 12:0 a.m.•3 views

UBUNTU-CVE-2026-42771

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2CVSS5.4AI score0.00158EPSS

RedhatCVE•added 2026/06/05 7:44 p.m.•6 views

CVE-2026-39111

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data...

7.5CVSS5.7AI score0.00294EPSS

RedhatCVE•added 2026/06/05 7:39 p.m.•6 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.1AI score0.00254EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•9 views

CVE-2026-6696

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS5.7AI score0.00219EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•8 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS5.5AI score0.00254EPSS

Vulnrichment•added 2026/06/01 8:15 p.m.•8 views

CVE-2026-10289 code-projects Hotel and Tourism Reservation System tour.php cross site scripting

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

5.3CVSS4.3AI score0.00338EPSS

Exploits0References6

CVE•added 2026/06/01 8:15 p.m.•11 views

CVE-2026-10289

The CVE concerns code-projects Hotel and Tourism Reservation System 1.0. Affected is an unknown function in the file /ht/tour.php where manipulating the arguments /email, /people, or /number leads to cross-site scripting. The attack is remote, and the exploit has been released publicly. No remedi...

5.3CVSS4.3AI score0.00338EPSS

Exploits0References6

EUVD•added 2026/05/31 4:45 a.m.•10 views

EUVD-2026-33489

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.0028EPSS

ATTACKERKB•added 2026/05/31 4:45 a.m.•9 views

CVE-2026-10169

6.3CVSS5.1AI score0.0028EPSS

CNNVD•added 2026/05/31 12:0 a.m.•5 views

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter email in the ajaxforgotpassword function of th...

6.3CVSS5.8AI score0.0028EPSS

CVE•added 2026/05/30 2:55 p.m.•13 views

CVE-2018-25411

CVE-2018-25411 affects MGB OpenSource Guestbook 0.7.0.2. The vulnerability is an SQL injection in the email.php endpoint vulnerable to crafted payloads via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL and potentially enumerate database tables and columns. The issu...

8.8CVSS6.1AI score0.0027EPSS

EUVD•added 2026/05/30 2:55 p.m.•7 views

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.0027EPSS

NVD•added 2026/05/30 8:16 a.m.•13 views

CVE-2026-10111

7.5CVSS0.00254EPSS

Exploits0References5

EUVD•added 2026/05/30 7:45 a.m.•9 views

EUVD-2026-33450

7.5CVSS6.7AI score0.00254EPSS

Exploits0References5

CNNVD•added 2026/05/30 12:0 a.m.•5 views

Student-Management-System SQL注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of Student-Management-System has a SQL injection vulnerability; this vulnerability stems from the email parameter on the login page, which may lead to remote attacks...

7.5CVSS7.2AI score0.00254EPSS