104849 matches found

NVD
added 2026/06/03 1:16 a.m., 9 views

CVE-2026-10694

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVSS 7.5, EPSS 0.00302
Exploits 0, References 6
ATTACKERKB
added 2026/06/03 12:45 a.m., 6 views

CVE-2026-10704

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

CVSS 7.5, AI score 6.9, EPSS 0.00281
Exploits 0, References 6, Affected Software 1
EUVD
added 2026/06/03 12:15 a.m., 7 views

EUVD-2026-34059

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVSS 7.5, AI score 6.9, EPSS 0.00302
Exploits 0, References 6
Vulnrichment
added 2026/06/03 12:15 a.m., 7 views

CVE-2026-10694 SourceCodester Online Food Ordering System index.php include file inclusion

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVSS 7.5, AI score 6.9, EPSS 0.00302
Exploits 0, References 6
ATTACKERKB
added 2026/06/03 12:15 a.m., 6 views

CVE-2026-10694

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

CVSS 7.5, AI score 6.9, EPSS 0.00302
Exploits 0, References 6, Affected Software 1
CNNVD
added 2026/06/03 12:00 a.m., 2 views

WordPress plugin Passeum Ticketing cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.4, AI score 5.1, EPSS 0.00215
Exploits 0, References 7
CNNVD
added 2026/06/03 12:00 a.m., 2 views

SourceCodester Online Food Ordering System security vulnerability

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 2.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability stems from the handling of the page parameter in the include...

CVSS 7.5, AI score 7.3, EPSS 0.00302
Exploits 0, References 6
Positive Technologies
added 2026/06/03 12:00 a.m., 10 views

PT-2026-45903

Name of the Vulnerable Software and Affected Versions: Vinyl Cache versions prior to 9.0.1; Varnish Cache versions prior to 9.0.3. Description: A deficiency in HTTP/2 request parsing allows for backend request desync attacks, also known as request smuggling. This occurs when the frontend and backend...

CVSS 2.3, AI score 5.2, EPSS 0.00317
Exploits 0, References 11
CNNVD
added 2026/06/03 12:00 a.m., 6 views

Desktop Commander MCP security vulnerability

Desktop Commander MCP is an MCP server developed by Eduard Ruzga. Version 0.2.37 of Desktop Commander MCP contains a security vulnerability. This vulnerability stems from the handling of the url parameter in the readFileFromUrl function found in the src/tools/filesystem.ts file. This vulnerabilit...

CVSS 6.5, AI score 6.3, EPSS 0.00209
Exploits 0, References 7
Positive Technologies
added 2026/06/03 12:00 a.m., 9 views

PT-2026-46097

Summary: Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact: If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround: If unable to...

CVSS 8.7, AI score 5.8, EPSS 0.0015
Exploits 0, References 5
RedhatCVE
added 2026/06/02 10:02 p.m., 8 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.5, AI score 6.8, EPSS 0.00294
Exploits 0, References 1
RedhatCVE
added 2026/06/02 10:02 p.m., 9 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVSS 8.2, AI score 6, EPSS 0.00386
Exploits 0, References 1
NVD
added 2026/06/02 9:16 p.m., 10 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

CVSS 5.3, EPSS 0.00242
Exploits 0, References 6
NVD
added 2026/06/02 9:16 p.m., 8 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVSS 6.9, EPSS 0.00182
Exploits 0, References 1
NVD
added 2026/06/02 9:16 p.m., 7 views

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack can be carried out remotely. The exploit has been published and may be used...

CVSS 7.5, EPSS 0.00272
Exploits 0, References 8
Cvelist
added 2026/06/02 8:30 p.m., 30 views

CVE-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVSS 6.9, EPSS 0.00182
Exploits 0, References 1
ATTACKERKB
added 2026/06/02 8:30 p.m., 7 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVSS 6.9, AI score 5.8, EPSS 0.00182
Exploits 0, References 2, Affected Software 1
EUVD
added 2026/06/02 8:30 p.m., 7 views

EUVD-2026-34025

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVSS 6.9, AI score 5.8, EPSS 0.00182
Exploits 0, References 1
Vulnrichment
added 2026/06/02 8:30 p.m., 8 views

CVE-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVSS 6.9, AI score 5.8, EPSS 0.00182
Exploits 0, References 1
CVE
added 2026/06/02 8:30 p.m., 13 views

CVE-2026-41569

CVE-2026-41569 concerns authentik, an open-source identity provider. Before 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter with a raw string prefix check instead of proper URL parsing, enabling an attacker to craft a login link with a wreply on a different origi...

CVSS 6.9, AI score 5.8, EPSS 0.00182
Exploits 0, References 1, Affected Software 1