Lucene search
+L

16 matches found

Vulnrichment
Vulnrichment
added 2026/04/28 6:30 p.m.5 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.4AI score0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42858

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00579EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.4 views

Kashipara Computer Base Test project in PHP 安全漏洞

Kashipara Computer Base Test project in PHP is a web application from Kashipara Inc. A security vulnerability exists in Kashipara Computer Base Test project in PHP v1.0, which stems from insufficient cleanup of the parameter smyFeedbacks in the file /users/adminpanel/admin/home.php, which could...

6.1CVSS6AI score0.00259EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/13 10:2 p.m.12 views

CVE-2025-8929 code-projects Medical Store Management System MainPanel.java sql injection

A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.5CVSS0.00382EPSS
Exploits1References6
OSV
OSV
added 2025/06/30 1:15 a.m.9 views

CVE-2025-6880

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has...

8.8CVSS5.7AI score0.00361EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.6 views

SourceCodester Best Salon Management System 注入漏洞

SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameters fromdate/todate in the file...

8.8CVSS7AI score0.0037EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.9 views

InnoShop 安全漏洞

InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop 0.4.1 and earlier versions, which stems from a flaw in the file manager functionality of the admin panel that could lead to code execution...

9.9CVSS7AI score0.00479EPSS
Exploits0References3
NVD
NVD
added 2025/04/16 1:15 p.m.16 views

CVE-2025-1982

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files...

7.1CVSS0.00509EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.4 views

PT-2025-3786 · Unknown · Tmd Custom Header Menu

Name of the Vulnerable Software and Affected Versions: TMD Custom Header Menu version 4.0.0.1 Description: A problem was found in the processing of the file /admin/index.php. The manipulation of the headermenu id argument leads to SQL injection. The attack may be initiated remotely. The complexit...

4.3CVSS5.7AI score0.00334EPSS
Exploits0References10
OSV
OSV
added 2024/09/15 2:15 a.m.4 views

CVE-2024-8866

A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

6.1CVSS3.8AI score0.00592EPSS
Exploits1References4
OSV
OSV
added 2024/03/13 8:28 p.m.38 views

CVE-2024-27102 Improper isolation of server file access in github.com/pterodactyl/wings

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...

9.9CVSS9.1AI score0.0055EPSS
Exploits0References4
hivepro
hivepro
added 2022/03/18 8:27 a.m.265 views

Russian threat actor UAC-0056 targets European countries

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...

9.3CVSS8.4AI score0.99945EPSS
Exploits33
OSV
OSV
added 2021/12/14 4:15 p.m.6 views

CVE-2021-39319

The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8...

6.1CVSS5.8AI score0.00757EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/06/03 12:0 a.m.28 views

CMS Made Simple <= 2.2.14 Multiple XSS Vulnerabilities

CMS Made Simple is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5AI score0.00685EPSS
Exploits3References2
CNVD
CNVD
added 2019/11/05 12:0 a.m.6 views

WordPress YIT Plugin Framework Unauthorized Modification Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.YIT Plugin Framework is one of the YIT plugin frameworks used in it. A security vulnerability exists in the...

4.3CVSS6.7AI score0.00948EPSS
Exploits0References1
myhack58
myhack58
added 2009/03/04 12:0 a.m.12 views

Burst a few over-active Defense method-vulnerability warning-the black bar safety net

Generally the Trojan is added from the start is antivirus software active defense, or 3 6 0 intercept,a few days ago in an online found several registry since the start of the method,the effect is also good,can be considered currently active Defense of a large Dead Space,even of micro-point turne...

0.8AI score
Exploits0
Rows per page
Query Builder