Lucene search
K

294 matches found

NVD
NVD
added 2026/07/05 3:16 p.m.9 views

CVE-2026-14756

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:0 p.m.8 views

EUVD-2026-41760

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.12 views

PT-2026-55804

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Tour Management Page component within the '/admin/add tour.php' endpoint. Remote attackers can perform a SQL injection by manipulating the delete image...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References10
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00235EPSS
Exploits0References9
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-13704

Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.8 views

CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References10
CVE
CVE
added 2026/06/29 9:0 a.m.14 views

CVE-2026-13553

The CVE-2026-13553 vulnerability affects itsourcecode Online Hotel Management System 1.0, specifically an unknown function in /admin/mod_amenities/controller.php?action=add. A manipulation of the image parameter enables unrestricted file upload, which can be triggered remotely. The exploit has be...

7.5CVSS6.8AI score0.00474EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 1:16 p.m.11 views

CVE-2016-20064

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS0.00671EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:48 a.m.20 views

CVE-2016-20064

CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.9 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.27 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS0.00671EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

WordPress plugin WP Vault 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

7.5CVSS5.6AI score0.00715EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 3:16 p.m.21 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

7.5CVSS0.00715EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Follett Destiny Library Manager 安全漏洞

Follett Destiny Library Manager is a school library resource and collection management system developed by the Follett company in the United States. The version 2202rc1 of Follett Destiny Library Manager contains security vulnerabilities. These vulnerabilities are due to directory traversal...

7.5CVSS6AI score0.00715EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42770

Directory traversal in Follett Software's Destiny Library Manager 22 0 2 rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

6AI score0.00715EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:0 a.m.9 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

7.5CVSS6AI score0.00715EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 12:0 a.m.12 views

EUVD-2025-209923

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

7.5CVSS6AI score0.00715EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 12:0 a.m.9 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

6AI score0.00715EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 12:0 a.m.13 views

CVE-2025-45145

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

0.00715EPSS
Exploits0References1
Rows per page
Query Builder