Lucene search
K

853 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-15134

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added last week9 views

EUVD-2026-41565

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55582

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description An authorization bypass exists in the POST Handler component. Remote exploitation is possible by manipulating the ID variable within the...

5.3CVSS6AI score0.00223EPSS
Exploits0References10
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 1:0 p.m.7 views

EUVD-2026-40089

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/19 4:1 p.m.6 views

EUVD-2017-18992

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 4:1 p.m.35 views

CVE-2017-20265 Joomla! Component Flip Wall 8.0 SQL Injection

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:24 p.m.6 views

CVE-2017-20254

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 2:13 p.m.9 views

Malicious code in new-ts-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ae4cecdfa22793382d07d28a25ba5fabd54ac405cb94e642a1f96faee80 index.js imports childprocess and at lines 101 and 117 invokes execSync to run bash and zsh commands. Lines 9, 194, and 195 use Buffer.from...,...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50951

Name of the Vulnerable Software and Affected Versions Joomla! Component Twitch Tv version 1.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the username and id parameters. Attackers can send GET...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50526

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Improper access controls exist within the Student Self-Registration Endpoint in the /index.php file. This flaw allows for remote exploitation,...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 2:15 a.m.11 views

EUVD-2026-36683

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...

6.9CVSS5.4AI score0.00314EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/13 11:15 p.m.32 views

CVE-2026-12176 SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

5.3CVSS0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.15 views

PT-2026-49101

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Cross site scripting is possible through the remote manipulation of the action argument within an unknown function of the '/index.php' endpoint...

5.3CVSS4.8AI score0.00265EPSS
Exploits0References11
NVD
NVD
added 2026/06/09 9:17 p.m.14 views

CVE-2026-25557

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.13 views

CVE-2026-11471

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48266

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/08 7:0 p.m.36 views

CVE-2026-11582 CodeAstro Student Attendance Management System index.php sql injection

A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has bee...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:45 p.m.8 views

CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 3:45 p.m.8 views

CVE-2026-11530 imvks786 student_management_system Login index.ph sql injection

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References6
Rows per page
Query Builder