465293 matches found
CVE-2026-15135
A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...
CVE-2026-15137
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15134
A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...
CVE-2026-15137
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15137 code-projects Interview Management System View.php sql injection
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15135
The CVE-2026-15135 describes a SQL injection in code-projects Online Food Order System 1.0, affecting edit_food_items.php. The flaw arises from unsafely handling the update parameter, enabling remote exploitation. Public exploit availability is indicated, with CVSS metrics showing high impact on ...
CVE-2026-15135 code-projects Online Food Order System edit_food_items.php sql injection
A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...
CVE-2026-54776
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...
CVE-2026-15105
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...
CVE-2026-15134
CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...
CVE-2026-15134
A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...
CVE-2026-15134 CodeAstro Simple Online Leave Management System index.php sql injection
A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...
EUVD-2026-42468
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...
CVE-2026-15105
CVE-2026-15105 affects davenardella snap7 up to 1.4.3. The flaw resides in TS7Worker::PerformFunctionRead (src/core/s7_server.cpp) within the ReadVar Request Handler, causing deserialization. Exploitation requires local-network access and a public exploit has been published. The project was infor...
CVE-2026-15105 davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...
CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...
CVE-2026-54776
CoreWCF (UnixDomainSocket transport) with PosixIdentity client credentials is affected by a vulnerability where connections can bypass the framing-layer identity checks by skipping the application/unixposix stream upgrade before message dispatch. Affected versions include CoreWCF prior to 1.8.1 a...
Malicious code in none123s (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a801f5544cdc371f8881fecdec89a94ddc07a32db29996aac125c9614300ce6 The OpenSSF Package Analysis project identified 'none123s' @ 0.1.7 npm as malicious. It is considered malicious because: - The package...
CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...
CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack
Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...