Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

104985 matches found

GithubExploit
GithubExploitadded 2026/05/25 10:18 a.m.82 views

tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

6.1AI score
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/25 10:18 a.m.14 views

CVE-2026-40127 Authorization Bypass Through User-Controlled Key in OutSystems Lifetime

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 10:18 a.m.19 views

CVE-2026-40127

CVE-2026-40127 affects OutSystems Lifetime. The vulnerability is an Authorization Bypass Through User-Controlled Key in the ApplicationID parameter, allowing any authenticated user to read the Change Log and the application name of any application. Impact is limited to confidentiality of Change L...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/25 9:45 a.m.9 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00319EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/25 9:45 a.m.9 views

EUVD-2026-31663

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00319EPSS
Exploits0References5
CVE
CVEadded 2026/05/25 9:45 a.m.16 views

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

7.5CVSS6.9AI score0.00319EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/25 9:30 a.m.8 views

CVE-2026-9446 SourceCodester Simple POS and Inventory System edit_customer.php sql injection

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/25 9:30 a.m.9 views

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00318EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/25 9:30 a.m.17 views

EUVD-2026-31660

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

5.8CVSS5.7AI score0.00318EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/25 9:0 a.m.7 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS5.7AI score0.00318EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/25 9:0 a.m.35 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS0.00318EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 9:0 a.m.10 views

EUVD-2026-31657

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS5.7AI score0.00318EPSS
Exploits0References5
CVE
CVEadded 2026/05/25 8:45 a.m.15 views

CVE-2026-9443

The CVE-2026-9443 vulnerability affects Edimax BR-6478AC 1.23, specifically the POST Request Handler’s formL2TPSetup function. Buffer overflow is triggered via manipulating the L2TPUserName argument in /goform/formL2TPSetup. Attack surface is network-exposed and low privileges are required, with ...

9CVSS7.8AI score0.00751EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/25 8:30 a.m.9 views

EUVD-2026-31653

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

9CVSS7.8AI score0.00751EPSS
Exploits0References4
NVD
NVDadded 2026/05/25 8:16 a.m.11 views

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS0.00324EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 8:0 a.m.13 views

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS6.5AI score0.01364EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/25 7:30 a.m.5 views

CVE-2026-9438 yashpokharna2555 StudentManagementSystem courseDel.php resource injection

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00324EPSS
Exploits0References5
NVD
NVDadded 2026/05/25 7:16 a.m.8 views

CVE-2026-9431

A vulnerability was identified in Tenda F1202 1.2.0.20408. This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

9CVSS0.00738EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 7:15 a.m.15 views

EUVD-2026-31645

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

6.5CVSS6.2AI score0.01364EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 6:30 a.m.9 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01909EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder