Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

220547 matches found

NVD
NVDadded 2026/06/15 2:16 a.m.8 views

CVE-2026-12207

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS0.00226EPSS
Exploits0References5
NVD
NVDadded 2026/06/15 2:16 a.m.9 views

CVE-2026-12202

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
CVE
CVEadded 2026/06/15 2:15 a.m.13 views

CVE-2026-12209

Technical details are not publicly available in the provided documents; monitor for updates.

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/15 2:0 a.m.7 views

EUVD-2026-36682

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
CVE
CVEadded 2026/06/15 2:0 a.m.15 views

CVE-2026-12208

CVE-2026-12208 affects the jsonata-js package (up to 2.2.0) in the Function Binding Frame System. The vulnerability is in the function createFrame (src/jsonata.js) where an attacker can perform a prototype pollution attack by manipulating object prototype attributes. This can be triggered remotel...

6.9CVSS5.6AI score0.00314EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/15 1:45 a.m.34 views

CVE-2026-12207 medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS0.00226EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/15 1:45 a.m.11 views

EUVD-2026-36681

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS5AI score0.00226EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/06/15 1:30 a.m.6 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.2AI score0.00196EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/15 1:30 a.m.8 views

EUVD-2026-36680

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
CVE
CVEadded 2026/06/15 1:30 a.m.17 views

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
NVD
NVDadded 2026/06/15 1:16 a.m.12 views

CVE-2026-12200

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS0.00324EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/06/15 1:15 a.m.37 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
CVE
CVEadded 2026/06/15 1:15 a.m.17 views

CVE-2026-12204

Summary : CVE-2026-12204 affects ShopXO up to version 6.7.1. The vulnerability resides in the Scheduled Task Endpoint, notably the file app/api/controller/Crontab.php, affecting functions OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral. The issue allows remote manipulation that ...

7.5CVSS7.1AI score0.00292EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/06/15 1:15 a.m.6 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7AI score0.00292EPSS
Exploits0References5
EUVD
EUVDadded 2026/06/15 1:0 a.m.11 views

EUVD-2026-36678

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5.4AI score0.00402EPSS
Exploits0References9
Cvelist
Cvelistadded 2026/06/15 12:45 a.m.30 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/15 12:45 a.m.6 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.7AI score0.00214EPSS
Exploits0References6
CVE
CVEadded 2026/06/15 12:45 a.m.11 views

CVE-2026-12202

Intelliants Subrion CMS (up to 4.0.3) is affected via the Blocks Endpoint, where manipulating the CSS class name can trigger cross-site scripting. The issue is exploitable remotely and a public exploit exists. Vendor did not respond to disclosure. Based on linked CVSS data, the impact is limited ...

4.8CVSS3.3AI score0.00214EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/15 12:31 a.m.10 views

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References7
EUVD
EUVDadded 2026/06/15 12:31 a.m.8 views

EUVD-2026-36673

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS7AI score0.02385EPSS
Exploits0References6
Rows per page
Query Builder