CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 3 days ago•3 views

student_management_system_by_php code injection vulnerability

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a code injection vulnerability, which stems from incorrect handling of the parameter “Message” by an unknown function in the admissionformcheck.php file...

5.1CVSS5.6AI score0.00034EPSS

RedhatCVE•added 2026/05/26 2:13 p.m.•3 views

CVE-2026-9413

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS4.2AI score0.00035EPSS

Exploits0References1

ATTACKERKB•added 2026/05/25 1:15 a.m.•3 views

CVE-2026-9413

5.3CVSS4.2AI score0.00035EPSS

CNNVD•added 2026/05/25 12:0 a.m.•2 views

SourceCodester Indian Invoicing System 代码注入漏洞

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. A code injection vulnerability exists in SourceCodester Indian Invoicing System version 1.0, which stems from manipulation of the parameter msg in the file /Invoicing/category.php, and could lead to...

5.3CVSS5.4AI score0.00035EPSS

CNNVD•added 2026/05/24 12:0 a.m.•4 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

6.9CVSS6.6AI score0.00057EPSS

NVD•added 2026/05/13 5:16 a.m.•3 views

CVE-2026-6828

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.0004EPSS

ATTACKERKB•added 2026/05/13 4:26 a.m.•2 views

CVE-2026-6828

6.4CVSS6AI score0.0004EPSS

Exploits0References7

EUVD•added 2026/05/08 6:32 a.m.•2 views

EUVD-2026-28519

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

7.5CVSS7AI score0.00039EPSS

CNNVD•added 2026/05/01 12:0 a.m.•2 views

Solutions VoIP GSVoIP web panel 跨站脚本漏洞

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly cleaned user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

6.1CVSS5.8AI score0.00049EPSS

Exploits1References1

EUVD•added 2026/05/01 12:0 a.m.•1 views

EUVD-2025-209607

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS5.9AI score0.00049EPSS

Exploits1References3

ATTACKERKB•added 2026/05/01 12:0 a.m.•0 views

CVE-2025-69606

6.1CVSS5.9AI score0.00049EPSS

Exploits1References4

ATTACKERKB•added 2026/04/27 5:15 a.m.•2 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.9AI score0.00012EPSS

ATTACKERKB•added 2026/04/13 4:45 a.m.•0 views

CVE-2026-6161

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS6.9AI score0.00043EPSS

CVE•added 2026/04/13 4:15 a.m.•5 views

CVE-2026-6159

CVE-2026-6159 affects code-projects Simple ChatBox up to version 1.0. The vulnerability is in the Endpoint component’s file /chatbox/insert.php where manipulating the msg parameter leads to a cross-site scripting (XSS) issue. It can be triggered remotely and exploitation has been publicly disclos...

5.3CVSS4.1AI score0.00039EPSS

ATTACKERKB•added 2026/04/13 4:15 a.m.•1 views

CVE-2026-6159

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from...

5.3CVSS4.1AI score0.00039EPSS

CNNVD•added 2026/04/13 12:0 a.m.•1 views

Code-Projects Simple ChatBox SQL注入漏洞

Code-Projects Simple ChatBox is a simple chat box system developed by Code-Projects as open source. Versions of Code-Projects Simple ChatBox 1.0 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the msg parameter in the...

7.5CVSS7.2AI score0.00043EPSS