Lucene search
K

1025 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-41740

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /editexam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-14732

The CVE concerns SourceCodester Class and Exam Timetabling System 1.0, where manipulating the ID parameter in /edit_exam.php enables SQL injection. The issue is exploitable remotely, with publicly disclosed exploit. CVSS metrics indicate network access, low attack complexity, no privileges requir...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-55736

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description Cross site scripting occurs due to the manipulation of the ID argument within the '/admin/remove-user.php' endpoint. This issue allows a remote attacker to execute malicious scripts i...

5.3CVSS5.8AI score0.00443EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-12657 LatePoint <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation via 'service_id' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.2 via the 'serviceid' parameter due to missing validation on a user controlled key. This makes it possible for...

5.3CVSS0.00381EPSS
Exploits0References12
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-34111 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-34098 Guardian Language-System XSS via id Parameter in media.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40906

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:22 p.m.34 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.5CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 12:0 p.m.7 views

EUVD-2026-40076

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/27 8:16 a.m.15 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
CVE
CVE
added 2026/06/26 7:39 p.m.12 views

CVE-2026-44732

OpenProject vulnerability CVE-2026-44732 affects the web-based project management tool prior to versions 17.3.2 and 17.4.0. The flaw occurs in the /api/v3/documents/{id} PATCH endpoint, where attacker-controlled attributes are applied to the persisted record before authorization checks, allowing ...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:45 p.m.5 views

EUVD-2019-20197

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 3:37 p.m.25 views

CVE-2017-20258 Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 4:13 p.m.11 views

EUVD-2026-37912

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

6.9CVSS5.3AI score0.003EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:13 p.m.22 views

CVE-2026-54105

The CVE concerns CVE-2026-54105 affecting the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...

6.9CVSS5.3AI score0.003EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:31 a.m.19 views

CVE-2026-12120

The CVE-2026-12120 entry describes a vulnerability in the WordPress plugin FireBox Popups – Increase Sales and Grow Your Email List. Affected versions are all up to and including 3.1.7, with exploitation via the form_id parameter allowing unauthenticated attackers to retrieve a full CSV export of...

5.3CVSS5.5AI score0.00331EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/15 12:0 p.m.7 views

EUVD-2016-10884

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder