Lucene search
K

465293 matches found

NVD
NVD
added 31 minutes ago3 views

CVE-2026-15135

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS
Exploits0References6
NVD
NVD
added 31 minutes ago3 views

CVE-2026-15137

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS
Exploits0References6
NVD
NVD
added 31 minutes ago3 views

CVE-2026-15134

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS
Exploits0References6
CVE
CVE
added 47 minutes ago4 views

CVE-2026-15137

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS5.9AI score
Exploits0References6
Cvelist
Cvelist
added 47 minutes ago4 views

CVE-2026-15137 code-projects Interview Management System View.php sql injection

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday4 views

CVE-2026-15135

The CVE-2026-15135 describes a SQL injection in code-projects Online Food Order System 1.0, affecting edit_food_items.php. The flaw arises from unsafely handling the update parameter, enabling remote exploitation. Public exploit availability is indicated, with CVSS metrics showing high impact on ...

7.5CVSS6.8AI score
Exploits0References6
Cvelist
Cvelist
added yesterday4 views

CVE-2026-15135 code-projects Online Food Order System edit_food_items.php sql injection

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday2 views

CVE-2026-54776

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-15105

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS
Exploits0References7
CVE
CVE
added yesterday4 views

CVE-2026-15134

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...

7.5CVSS6.9AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-15134

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS6.9AI score
Exploits0References6Affected Software1
Cvelist
Cvelist
added yesterday4 views

CVE-2026-15134 CodeAstro Simple Online Leave Management System index.php sql injection

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday1 views

EUVD-2026-42468

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS5.5AI score
Exploits0References7
CVE
CVE
added yesterday3 views

CVE-2026-15105

CVE-2026-15105 affects davenardella snap7 up to 1.4.3. The flaw resides in TS7Worker::PerformFunctionRead (src/core/s7_server.cpp) within the ReadVar Request Handler, causing deserialization. Exploitation requires local-network access and a public exploit has been published. The project was infor...

6.3CVSS6.2AI score
Exploits0References7
Cvelist
Cvelist
added yesterday2 views

CVE-2026-15105 davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS
Exploits0References7
Cvelist
Cvelist
added yesterday5 views

CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS
Exploits0References6
CVE
CVE
added yesterday15 views

CVE-2026-54776

CoreWCF (UnixDomainSocket transport) with PosixIdentity client credentials is affected by a vulnerability where connections can bypass the framing-layer identity checks by skipping the application/unixposix stream upgrade before message dispatch. Affected versions include CoreWCF prior to 1.8.1 a...

4.4CVSS6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in none123s (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a801f5544cdc371f8881fecdec89a94ddc07a32db29996aac125c9614300ce6 The OpenSSF Package Analysis project identified 'none123s' @ 0.1.7 npm as malicious. It is considered malicious because: - The package...

5.9AI score
Exploits0
Cvelist
Cvelist
added yesterday4 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS
Exploits0References1
Rows per page
Query Builder