Lucene search
+L

147921 matches found

CVE
CVE
added yesterday7 views

CVE-2026-11763

CVE-2026-11763 describes an Authorization bypass through a user-controlled key in GisLab Laboratory Management System (GisLab) from version 1.4.03 to 08072026. The vulnerability allows bypass of access controls, with confidentiality impact reported as High while other impacts are not claimed. CVS...

6.5CVSS5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS5.7AI score
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45201

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS5.6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-8297

CVE-2026-8297 describes an SQL injection in GisLab Laboratory Management System by Gis Informatics Engineering Consulting (Gis Informatics). Affected versions: 1.4.03 through 08072026. The issue is a generic SQL injection vulnerability with network attack vector, no user interaction, and no privi...

9.8CVSS5.7AI score
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2025-210479

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...

8.1CVSS5.3AI score
Exploits1References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-45186

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS5.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-14871 osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added yesterday35 views

CVE-2026-14871 osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization BOLA leading to Insecure Direct Object Reference IDOR in the AJAX ticket-management subsystem...

7.1CVSS
Exploits0References5
CVE
CVE
added yesterday13 views

CVE-2026-14871

This CVE affects osTicket versions 1.18.3 and 1.17.7, where a Broken Object Level Authorization (BOLA) leads to an Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem. The issue enables cross-department data disclosure due to improper access controls on object referenc...

7.1CVSS5.3AI score
Exploits0References5
NVD
NVD
added yesterday8 views

CVE-2026-16072

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45173

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday33 views

CVE-2026-16072 Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-16072

CVE-2026-16072 affects Keycloak’s organization management component. A delegated administrator with org-management permissions can create an invitation for a non-existent email address and then fetch the secret registration link via the API, enabling creation of new user accounts and their additi...

4.9CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday10 views

CVE-2026-16014

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday10 views

EUVD-2026-45167

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS7.1AI score
Exploits0References6
Cvelist
Cvelist
added yesterday35 views

CVE-2026-16014 code-projects Hospital Bed Management System Login Form sql injection

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-16014

The CVE-2026-16014 entry concerns code-projects Hospital Bed Management System 1.0. It identifies a vulnerability in an unspecified part of the Login Form, where manipulating the Username argument triggers a SQL injection. The vulnerability enables remote exploitation, and public exploits exist. ...

7.5CVSS7.1AI score
Exploits0References6
NVD
NVD
added yesterday9 views

CVE-2026-16009

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45162

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score
Exploits0References6
Rows per page
Query Builder