Lucene search
K

1080802 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-15523

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-15523 CodeAstro Simple Online Leave Management System dashboard.php sql injection

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS
Exploits0References6
CVE
CVE
added 2 hours ago5 views

CVE-2026-15523

CVE-2026-15523 affects CodeAstro Simple Online Leave Management System 1.0. The vulnerability is in the /SimpleOnlineLeave/admin/dashboard.php file, where manipulation of the Name argument enables SQL injection. The issue can be triggered remotely and a public exploit is available. The supplied s...

6.5CVSS6.5AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43265

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References6
Fedora
Fedora
added 3 hours ago6 views

[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43

A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...

8.4CVSS6.1AI score0.00136EPSS
Exploits0
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57610

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in babel-preset-lib-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in react-next-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 286869faf09aec1d62b472e43a7188a1583c5cf8c999d1fb2e116f0b7f5ba8c6 The package impersonates the pino logger README/badges reference pino; module.exports.pino is the middleware while its name is react-next-vite. When ...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in nullrift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ebce322ac712405bfd29254cbd8f820c20ddc083587693a982b75ef6f3039a Package advertises itself as an SVG fetcher/sanitizer but its main module also exports an undocumented getPlugin function. The returned function...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday9 views

Malicious code in chain-await-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7412987df7a746c9128ca807cbd2222b340e3b4f8397620348fc62606a0f2b5 The package's declared main entry index.js exports a factory check that spawns a detached, unreferenced Node child process running lib/vcall.js, then...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in react-dom-v17 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f55f6e35ab09a2fcd6521dac51aa4baa4cfa726958bc266a0d56fc14de240a29 Package name impersonates the widely-used react-dom package react-dom-v17. package.json declares preinstall: node index.js, which fires automatically...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in library-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28b5db05b3bdfb9cc8b1af9759f05a3bc7a1b6a9c364b86831b93df78e9e2273 package.json declares preinstall: node index.js. On npm install, index.js collects installer host identity os.hostname, os.platform, os.arch,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in giantswarm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75f3a244f2761c56347f695897a491d23ab04cafe1e5b0e46fd7d0d2c993f828 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host reconnaissance — hostname,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in api-changelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a94f4aa368f1838507a78dde78062b740a5853b516d9d32782d0264b539b724c The package declares preinstall: node index.js, which runs automatically on npm install. index.js collects installer identifiers os.hostname,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in polylabel-web-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7df46acd8236fafbaa27dbccb92d1f286c17b023ea5ff555700e76c4a0188f [email protected] ships an empty index.js stub and declares its only runtime dependency as a direct tarball URL on a Google Cloud Storage...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday11 views

Malicious code in polymarket-kelly-math-stake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cf5ba9cd75b1a773e3a04e6eb45778894e04fd1d55b2e8ad03ae97deb41d16 [email protected] runs a postinstall script scripts/install-check.cjs that fetches a JSON config from...

6.3AI score
Exploits0References1
GithubExploit
GithubExploit
added yesterday34 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-jms Forged DefaultExchangeHolder Filter-Bypass Reproduce...

9.8CVSS6.2AI score0.00881EPSS
Exploits2
NVD
NVD
added yesterday9 views

CVE-2026-61875

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday10 views

EUVD-2026-43235

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday15 views

CVE-2026-61875 luci-app-upnp Stored XSS via UPnP Port Mapping Description

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS
Exploits0References2
Rows per page
Query Builder