Lucene search
K

3250 matches found

Cvelist
Cvelist
added yesterday24 views

CVE-2026-15490 RafyMrX TOKO-ONLINE-ROTI add.php sql injection

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kodeproduk/kdcs results in sql injection. The attack can be executed...

7.5CVSS0.00494EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42493

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 5 days ago9 views

CVE-2026-15134

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/05 4:45 a.m.9 views

EUVD-2026-41726

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.14 views

PT-2026-55783

Name of the Vulnerable Software and Affected Versions code-projects Smart Parking System version 1.0 Description An issue exists in the /parkings/parkings.php file where improper handling of the street, city, and status arguments allows for remote SQL injection. SQL injection is a technique where...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References10
OSV
OSV
added 2026/07/04 7:0 p.m.6 views

CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.4AI score0.00253EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 8:0 p.m.9 views

EUVD-2026-41565

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55582

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description An authorization bypass exists in the POST Handler component. Remote exploitation is possible by manipulating the ID variable within the...

5.3CVSS6AI score0.00223EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2025-210390

picklescan before 0.0.30 fails to detect the doctest.debugscript function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debugscript calls that bypass picklescan detection and execute arbitrary command...

8.1CVSS6.1AI score0.00769EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 7:36 p.m.33 views

CVE-2026-12086 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.11 views

EulerOS 2.0 SP15 : vim (EulerOS-SA-2026-2513)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

8.2CVSS7.5AI score0.01162EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 4:53 p.m.5 views

Insecure Temporary File

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insecure Temporary File via the...

6.1CVSS6AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:49 a.m.2 views

SUSE-SU-2026:22187-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command injection via sendfile bsc1266370...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 3:27 p.m.29 views

CVE-2026-1288

The CVE-2026-1288 entry concerns Autodesk Revit. A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Revit, can trigger a NULL pointer dereference in the processing path. Exploitation may crash the application, resulting in a denial-of-service condition. The pr...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/17 2:4 p.m.7 views

Insertion of Sensitive Information into Log File

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...

6.9CVSS5.8AI score0.00796EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.17 views

PT-2026-49101

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Cross site scripting is possible through the remote manipulation of the action argument within an unknown function of the '/index.php' endpoint...

5.3CVSS4.8AI score0.00265EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48465

Summary Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftp internal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp internal:handle ctrl result/2 PASV handler mode=passive, ipfamily=inet, ftp extension=false extracts the IP address...

6.3CVSS5.6AI score0.00234EPSS
Exploits0References7
Rows per page
Query Builder