CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•11 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00038EPSS

Cvelist•added 2 days ago•28 views

CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

7.5CVSS0.00038EPSS

Positive Technologies•added 2 days ago•7 views

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

7.5CVSS6.2AI score0.00038EPSS

Exploits0References7

CVE•added 3 days ago•9 views

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00043EPSS

RedhatCVE•added 5 days ago•9 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

EUVD•added 6 days ago•6 views

Exploits0References1

EUVD-2026-33670

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS6.3AI score0.00043EPSS

ATTACKERKB•added 2026/05/31 4:45 a.m.•9 views

CVE-2026-10169

EUVD•added 2026/05/31 4:45 a.m.•10 views

EUVD-2026-33489

Positive Technologies•added 2026/05/31 12:0 a.m.•8 views

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

NVD•added 2026/05/25 5:16 p.m.•10 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS0.00048EPSS

Cvelist•added 2026/05/25 11:0 a.m.•32 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS0.02177EPSS

CVE•added 2026/05/17 1:0 p.m.•9 views

CVE-2026-8756

CVE-2026-8756 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a path traversal vulnerability in the Gradio Interface’s webui_preprocess.py, specifically in generate_config. The issue arises from manipulating the data_dir argument, enabling remote exploita...

7.5CVSS6.6AI score0.00116EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•10 views

PT-2026-41567

Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions up to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal issue exists in the Gradio Interface component. A remote attacker can manipulate the data dir argument within the generate config functio...

7.5CVSS7.1AI score0.00116EPSS

Positive Technologies•added 2026/04/26 12:0 a.m.•2 views

PT-2026-35205

A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...

5.5CVSS5.5AI score0.00079EPSS

ATTACKERKB•added 2026/04/25 1:0 p.m.•2 views

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7.1AI score0.02085EPSS

Positive Technologies•added 2026/04/25 12:0 a.m.•3 views

PT-2026-35150

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7.1AI score0.02085EPSS

EUVD•added 2026/04/17 3:31 p.m.•1 views

EUVD-2026-23426

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...

6.5CVSS6.1AI score0.00014EPSS

NVD•added 2026/04/17 1:16 p.m.•0 views

CVE-2026-6489

6.5CVSS0.00014EPSS