Lucene search
+L

76 matches found

euvd
euvd
added 6 days ago7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
cve
cve
added 2026/06/18 11:37 p.m.107 views

CVE-2026-12046

CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...

9.5CVSS6.8AI score0.0071EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/01 4:45 a.m.12 views

CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
euvd
euvd
added 2026/06/01 4:45 a.m.14 views

EUVD-2026-33558

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References6
cve
cve
added 2026/06/01 4:45 a.m.27 views

CVE-2026-10225

The CVE describes a SQL injection in the raisulislamg4 student_management_system_by_php, affecting the Login component via login_check.php when manipulating the Username argument. The issue is exploitable remotely over a NETWORK attack vector with LOW attack complexity and NO privileges required,...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/01 4:45 a.m.39 views

CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS0.00263EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/01 4:45 a.m.14 views

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/29 1:7 p.m.14 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/29 1:7 p.m.3 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
cve
cve
added 2026/05/29 1:7 p.m.25 views

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/18 1:30 p.m.9 views

GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References4
github
github
added 2026/05/18 1:30 p.m.19 views

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2026/04/14 7:23 p.m.5 views

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
nvd
nvd
added 2026/04/13 6:16 a.m.4 views

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS0.00254EPSS
Exploits0References5
cve
cve
added 2026/04/13 5:45 a.m.9 views

CVE-2026-6165

CVE-2026-6165 affects code-projects Vehicle Showroom Management System 1.0. The vulnerability resides in an unknown code path within /util/Login_check.php, where manipulating the argument ID can trigger SQL injection. Attacks can be launched remotely, and the exploit is publicly available (POC). ...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/13 5:45 a.m.2 views

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/04/13 5:45 a.m.2 views

CVE-2026-6165 code-projects Vehicle Showroom Management System Login_check.php sql injection

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS7AI score0.00254EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.6 views

Code-Projects Vehicle Showroom Management System SQL注入漏洞

Code-Projects Vehicle Showroom Management System is an open-source automotive showroom management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/13 12:0 a.m.15 views

PT-2026-32276

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

7.5CVSS7AI score0.00254EPSS
Exploits0References6
Rows per page
Query Builder