Lucene search
K

132 matches found

CVE
CVE
added 2026/07/08 12:33 p.m.11 views

CVE-2026-5459

The CVE-2026-5459 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” up to version 4.3.1. The vulnerability is an Insecure Direct Object Reference in the payment_page() function caused by missing validation on ...

5.3CVSS5.9AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53843

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ Web Console versions prior to 5.19.8 Apache ActiveMQ Web Console versions 6.0.0 through 6.2.6 Description An issue exists where the browse pa...

6.1CVSS6AI score0.00667EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45351

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topic id causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References7
NVD
NVD
added 2026/05/15 12:17 p.m.10 views

CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS0.00243EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/09 12:13 a.m.12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTMLRenderer heading rendering path in the HTML renderer. An attacker can inject arbitrary HTML by supplying a heading id attribute value that contains quotes and markup. The rendered output can be alter...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 2:15 a.m.39 views

CVE-2026-6151 code-projects Vehicle Showroom Management System PaymentStatusFunction.php sql injection

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 8:30 a.m.9 views

CVE-2026-6037

CVE-2026-6037 affects Code-Projects’ Vehicle Showroom Management System 1.0. The vulnerability is in the /util/AddVehicleFunction.php function where manipulation of BRANCH_ID enables SQL injection. Exploitation is remote and a public exploit has been disclosed. No remediation details are provided...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 7:45 a.m.13 views

CVE-2026-6034

The CVE-2026-6034 entry concerns code-projects Vehicle Showroom Management System 1.0. The vulnerability affects the file /BranchManagement/ProfitAndLossReport.php where manipulating the BRANCH_ID parameter enables cross-site scripting. The description indicates a remote attack is possible and th...

5.3CVSS4.2AI score0.00337EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/28 11:30 a.m.31 views

CVE-2026-4996 Sinaptik AI PandasAI pandasai-lancedb Extension lancedb.py get_relevant_docs_by_id sql injection

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/24 8:55 p.m.24 views

CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 5:2 a.m.6 views

CVE-2026-3152 itsourcecode College Management System teacher-salary.php sql injection

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

7.5CVSS5.4AI score0.00379EPSS
Exploits1References5
OSV
OSV
added 2026/02/24 2:32 a.m.9 views

CVE-2026-3064 HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection

A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...

5.3CVSS6.1AI score0.19135EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.9 views

CVE-2026-2114

A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in sql injection. The attack may be performed from remote. The exploit is now public and may be us...

9.8CVSS7.2AI score0.00381EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/13 8:35 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the issuuid parameter hangling. An attacker can cause excessive CPU consumption and degrade service...

6.7CVSS6.7AI score0.00107EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:33 a.m.10 views

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

4.3CVSS6.9AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.10 views

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

8.8CVSS6.4AI score0.00865EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 8:32 p.m.24 views

CVE-2026-0728

The CVE-2026-0728 entry describes a SQL injection in code-projects Intern Membership Management System 1.0, via the admin_id parameter in /intern/admin/delete_admin.php. The issue is remotely exploitable and exploits have been publicly disclosed. No remediation/fix details are provided in the con...

7.2CVSS6.8AI score0.00389EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:36 a.m.15 views

CVE-2019-7280

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication...

8.8CVSS7AI score0.02352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 6:54 p.m.9 views

CVE-2025-14570

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewadmin.php. This manipulation of the argument adminid causes sql injection. The attack may be initiated remotely. The exploit has been publishe...

9.8CVSS7.3AI score0.00399EPSS
Exploits1References1
CVE
CVE
added 2025/11/19 11:32 p.m.24 views

CVE-2025-13422

CVE-2025-13422 affects freeprojectscodes Sports Club Management System 1.0. The vulnerable element is an unknown function in /dashboard/admin/change_s_pwd.php where manipulating the login_id parameter triggers SQL injection. The vulnerability is remotely exploitable and the exploit is public. Doc...

9.8CVSS6.8AI score0.00394EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder