Lucene search
K

613 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15559

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the POST handler: /SimpleOnlineLeave/admin/accept.php, caused by manipulating the argument appid. This allows remote exploitation and is publicly available. The CVE documents do not provide patch/version...

6.5CVSS6.5AI score
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-15558

CodeAstro Simple Online Leave Management System 1.0 is affected by CVE-2026-15558. The vulnerability resides in /admin/deletemp.php where manipulation of the ID parameter leads to SQL injection. The issue allows remote exploitation, and public exploit disclosure increases risk. The CVSS metrics i...

6.5CVSS6.5AI score
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-15523

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday33 views

CVE-2026-15523 CodeAstro Simple Online Leave Management System dashboard.php sql injection

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-15523

CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57808

Name of the Vulnerable Software and Affected Versions CodeAstro Simple Online Leave Management System version 1.0 Description Remote SQL injection is possible due to improper handling of the ID variable in the '/SimpleOnlineLeave/admin/deletemp.php' endpoint. SQL injection is a technique where an...

6.5CVSS6.7AI score
Exploits0References9
CVE
CVE
added 5 days ago8 views

CVE-2026-59715

Affected software: Open WebUI self-hosted AI platform. Vulnerability: Unauthenticated access to collaborative-document Socket.IO handlers (ydoc:awareness:update, ydoc:document:leave) that accepted events without authenticated user, enabling unauthorized manipulation of document collaboration stat...

6.5CVSS5.9AI score0.00222EPSS
Exploits1References4Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-9237

Summary: CVE-2026-9237 affects the WordPress plugin “Crew HRM” (Employee, Leave and Recruitment Management System). All versions up to 1.2.2 are vulnerable to an authorization bypass due to improper access verification. Authenticated users with subscriber-level access or higher can delete, archiv...

4.3CVSS6AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42490

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-15134 CodeAstro Simple Online Leave Management System index.php sql injection

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 6 days ago9 views

CVE-2026-15134

CodeAstro Simple Online Leave Management System 1.0 contains a SQL injection vulnerability in the /SimpleOnlineLeave/index.php endpoint, triggered by manipulating the email parameter. The issue is exploitable remotely over the network, with Proof-of-Concept exploits observed. The CVSS data indica...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 3:16 a.m.11 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:0 a.m.7 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.10 views

CVE-2026-53245

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.5CVSS0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53245

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References11
OSV
OSV
added 2026/06/19 9:42 p.m.9 views

GHSA-97PR-9HGG-3P8R parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change

Impact A Parse Server LiveQuery subscriber can receive object field values they are not authorized to read when a single save changes both an object field and the subscriber's ACL read access to that object. When such a save removes the subscriber's read access, the resulting leave event still...

2.3CVSS5.9AI score0.00386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.13 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.14 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.14 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder