CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•3 views

UBUNTU-CVE-2026-52935

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

5.8AI score0.00164EPSS

Exploits0References11

RedhatCVE•added 2026/06/09 8:59 a.m.•13 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVE•added 2026/06/08 4:30 a.m.•20 views

CVE-2026-11488

The CVE-2026-11488 entry concerns code-projects Simple Flight Ticket Booking System 1.0. It identifies a SQL injection in the POST Parameter Handler, specifically in checkUser.php via the Username argument. Impact is limited to confidentiality and integrity with a low severity in CVSS metrics, an...

Vulnrichment•added 2026/06/08 4:30 a.m.•7 views

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

EUVD•added 2026/06/08 4:30 a.m.•13 views

EUVD-2026-35019

Cvelist•added 2026/06/08 4:30 a.m.•37 views

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

7.5CVSS0.00275EPSS

ATTACKERKB•added 2026/06/08 4:30 a.m.•6 views

CVE-2026-11488

Exploits0References6Affected Software1

CNNVD•added 2026/06/08 12:0 a.m.•6 views

Code-Projects Simple Flight Ticket Booking System 注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...

7.5CVSS7.5AI score0.00275EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•13 views

PT-2026-47250

Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...

7.5CVSS7.4AI score0.00275EPSS

Exploits0References11

GithubExploit•added 2026/06/05 11:9 p.m.•64 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...

10CVSS8AI score0.99562EPSS

Exploits384

RedhatCVE•added 2026/06/05 7:30 p.m.•8 views

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.4AI score0.00251EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:30 p.m.•8 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS5.5AI score0.00154EPSS

RedhatCVE•added 2026/06/05 7:16 p.m.•6 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS5.5AI score0.0031EPSS

RedhatCVE•added 2026/06/05 7:16 p.m.•9 views

CVE-2026-42548

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...

8.6CVSS5.1AI score0.00341EPSS

EUVD•added 2026/05/27 3:33 p.m.•12 views

EUVD-2026-32321

In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...

5.9AI score0.00215EPSS

Exploits0References5

NVD•added 2026/05/27 2:17 p.m.•13 views

CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS0.00129EPSS