62736 matches found
CVE-2026-15318
CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...
CVE-2026-15317
Sipeed PicoClaw
EUVD-2026-42624
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...
CVE-2026-59939
creationtimestamp| type| source ---|---|--- 2026-07-09 16:00:46+00:00| seen| https://www.acn.gov.it/portale/w/httplib2-poc-pubblico-per-lo-sfruttamento-della-cve-2026-59939 2026-07-10 01:00:48+00:00| seen|...
EUVD-2026-42615
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...
CVE-2026-15190
CVE-2026-15190 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability is a SQL injection in an unknown area of /login.php triggered by manipulating the Username parameter. Remote exploitation is possible, and publicly available exploits exist. The CVSS metrics indicate...
CVE-2026-15190 SourceCodester Simple and Nice Shopping Cart Script login.php sql injection
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...
EUVD-2026-42585
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...
CVE-2026-15186
The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...
EUVD-2026-42493
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15137 code-projects Interview Management System View.php sql injection
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15117
Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-15126
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-15123
CVE-2026-15123 describes an inappropriate DOM implementation in Google Chrome, prior to 150.0.7871.115, that may allow remote heap corruption via a crafted HTML page. All connected documents confirm the issue in the Chrome DOM, with the impact labeled High and CVE-2026-15123 consistently cited ac...
CVE-2026-15117
CVE-2026-15117 affects Google Chrome (Payments component). A use-after-free in Payments can lead to heap corruption when a user is convinced to perform specific UI gestures on a crafted HTML page. Affected version: before 150.0.7871.115. The issue is triggered by interactions with the UI and can ...
CVE-2026-5923
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...
CVE-2026-15105
CVE-2026-15105 affects davenardella snap7 up to 1.4.3. The flaw resides in TS7Worker::PerformFunctionRead (src/core/s7_server.cpp) within the ReadVar Request Handler, causing deserialization. Exploitation requires local-network access and a public exploit has been published. The project was infor...
CVE-2026-15034
CVE-2026-15034 affects the Flask-MonitoringDashboard component of the Flask-dashboard project up to version 5.0.2. The issue is described as a cross-site request forgery (CSRF) affecting an unknown functionality, with the attack potentially executable remotely. Public exploit information is indic...
kernel: eventpoll: fix ep_remove struct eventpoll / struct file UAF
A flaw was found in the Linux kernel's eventpoll mechanism. A Use-After-Free UAF vulnerability, where the system attempts to access memory after it has been freed, can occur during the removal of a file. A local attacker could exploit this race condition to corrupt memory, potentially leading to...
Atom CMS v2.0 - SQL Injection
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...