Lucene search
K

775 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-43248

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57575

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build target url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted path and query can lead to server-side request...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS0.00256EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/05 2:0 p.m.7 views

CVE-2026-14754

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 8:45 a.m.14 views

CVE-2026-14732

The CVE concerns SourceCodester Class and Exam Timetabling System 1.0, where manipulating the ID parameter in /edit_exam.php enables SQL injection. The issue is exploitable remotely, with publicly disclosed exploit. CVSS metrics indicate network access, low attack complexity, no privileges requir...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 6:0 a.m.41 views

CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.12 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.13 views

CVE-2026-5781

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitati...

8.8CVSS5.5AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46253

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46389

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.14 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 6:16 a.m.13 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 5:0 a.m.11 views

CVE-2026-10226 raisulislamg4 student_management_system_by_php delete.php sql injection

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:0 a.m.19 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 5:0 a.m.16 views

EUVD-2026-33559

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 12:15 a.m.13 views

EUVD-2026-33528

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used...

9CVSS7.7AI score0.005EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45275

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract anim value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

5.3CVSS6.2AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45270

A flaw has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user id/course id/teacher id/student id/application id can lead to sql injection...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 2:49 p.m.1 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.9AI score0.0013EPSS
Exploits0References5
Rows per page
Query Builder