Lucene search
K

433 matches found

Cvelist
Cvelist
added 2026/07/05 2:30 a.m.37 views

CVE-2026-14694 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:15 a.m.8 views

EUVD-2026-41716

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.21 views

PT-2026-43939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The run unpack function in the ntfs3 driver fails to verify if the size size and offset size bytes read via run unpack s64 fit within the remaining buffer, despite checking run buf run...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
EUVD
EUVD
added 2026/05/24 4:45 a.m.12 views

EUVD-2026-31569

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.16 views

PT-2026-42913

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save patient history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...

5.9AI score0.002EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, potentially leading to memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access,...

7.8CVSS6.9AI score0.00415EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfsattrsetupflag. This could allow code execution and an escalation of privileges...

7.8CVSS7.3AI score0.00477EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel up to version 6.2.7, fs/ntfs3/inode.c contains an invalid kfree function because it does not validate the MFT flags before replaying logs...

7.8CVSS7AI score0.00264EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed the missing iop in ntfsreadmft. There is a null pointer dereference issue because iop == NULL. This bug occurs because we do not initialize iop for records in $Extend$...

5.5CVSS6.4AI score0.00157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013468 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...

7.8CVSS7.1AI score0.00264EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010744)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010744 advisory. In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Tenable has extracted the...

7.8CVSS7.2AI score0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS6.3AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/19 3:30 p.m.7 views

EUVD-2026-23703

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS6.3AI score0.00258EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.7 views

PT-2026-33631

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

6.5CVSS5.5AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/19 12:0 a.m.12 views

PHPEMS 安全漏洞

PHPEMS is an open-source PHP online simulation exam system. Version PHPEMS 11.0 contains a security vulnerability, which stems from the operation of the uploadfile parameter in the file /app/exam/controller/exams.master.php. This operation leads to server-side request forgeing, potentially allowi...

6.5CVSS6.6AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 5:16 p.m.12 views

CVE-2026-26883

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...

2.7CVSS0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/20 4:2 p.m.33 views

CVE-2026-2848 SourceCodester Simple Responsive Tourism Website Registration Master.php sql injection

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be...

7.5CVSS0.00326EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.4 views

CVE-2026-2160

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

6.1CVSS3.8AI score0.00262EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.6 views

PT-2026-6990

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website version 1.0, specifically within an unknown function of the file /tourism/classes/Master.php?f=register...

5.3CVSS3.7AI score0.00352EPSS
Exploits1References7
Rows per page
Query Builder