Lucene search
K

62736 matches found

CVE
CVE
added 20 hours ago6 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 21 hours ago9 views

CVE-2026-15317

Sipeed PicoClaw

7.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-42624

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.9AI score
Exploits0References6
Circl
Circl
added yesterday6 views

CVE-2026-59939

creationtimestamp| type| source ---|---|--- 2026-07-09 16:00:46+00:00| seen| https://www.acn.gov.it/portale/w/httplib2-poc-pubblico-per-lo-sfruttamento-della-cve-2026-59939 2026-07-10 01:00:48+00:00| seen|...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42615

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS6.8AI score
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-15190

CVE-2026-15190 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability is a SQL injection in an unknown area of /login.php triggered by manipulating the Username parameter. Remote exploitation is possible, and publicly available exploits exist. The CVSS metrics indicate...

7.5CVSS6.9AI score
Exploits0References6
Cvelist
Cvelist
added yesterday28 views

CVE-2026-15190 SourceCodester Simple and Nice Shopping Cart Script login.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-42585

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS6.3AI score
Exploits0References6
CVE
CVE
added yesterday10 views

CVE-2026-15186

The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...

6.5CVSS6.3AI score
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-42493

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday29 views

CVE-2026-15137 code-projects Interview Management System View.php sql injection

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS0.00263EPSS
Exploits0References6
NVD
NVD
added 2 days ago10 views

CVE-2026-15117

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15126

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00198EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2 days ago11 views

CVE-2026-15123

CVE-2026-15123 describes an inappropriate DOM implementation in Google Chrome, prior to 150.0.7871.115, that may allow remote heap corruption via a crafted HTML page. All connected documents confirm the issue in the Chrome DOM, with the impact labeled High and CVE-2026-15123 consistently cited ac...

8.8CVSS6AI score0.00161EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago17 views

CVE-2026-15117

CVE-2026-15117 affects Google Chrome (Payments component). A use-after-free in Payments can lead to heap corruption when a user is convinced to perform specific UI gestures on a crafted HTML page. Affected version: before 150.0.7871.115. The issue is triggered by interactions with the UI and can ...

7.5CVSS6AI score0.00161EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2 days ago6 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-15105

CVE-2026-15105 affects davenardella snap7 up to 1.4.3. The flaw resides in TS7Worker::PerformFunctionRead (src/core/s7_server.cpp) within the ReadVar Request Handler, causing deserialization. Exploitation requires local-network access and a public exploit has been published. The project was infor...

6.3CVSS6.2AI score0.00285EPSS
Exploits0References7
CVE
CVE
added 2 days ago9 views

CVE-2026-15034

CVE-2026-15034 affects the Flask-MonitoringDashboard component of the Flask-dashboard project up to version 5.0.2. The issue is described as a cross-site request forgery (CSRF) affecting an unknown functionality, with the attack potentially executable remotely. Public exploit information is indic...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2 days ago3 views

kernel: eventpoll: fix ep_remove struct eventpoll / struct file UAF

A flaw was found in the Linux kernel's eventpoll mechanism. A Use-After-Free UAF vulnerability, where the system attempts to access memory after it has been freed, can occur during the removal of a file. A local attacker could exploit this race condition to corrupt memory, potentially leading to...

7.8CVSS6.3AI score0.00125EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago107 views

Atom CMS v2.0 - SQL Injection

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...

9.8CVSS7.2AI score0.61965EPSS
Exploits4References5
Rows per page
Query Builder