CVE-2026-46624
CVE-2026-46624 affects Twenty CRM (open source). From 1.7.7 to 1.16.7, a critical Remote Code Execution (RCE) exists via a chained SQL Injection and a PostgreSQL COPY TO PROGRAM attack. If the PostgreSQL user is a superuser, any authenticated user can execute arbitrary OS commands on the databas...
CVE-2026-9566 teableio teable Sign-up LoginPage.tsx cross site scripting
A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...
CVE-2026-40384
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...
CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...
EUVD-2026-31885
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...
CVE-2026-40384
CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...
CVE-2026-48901
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
CVE-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
EUVD-2026-31871
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
CVE-2026-48901
The CVE-2026-48901 entry concerns Joomla! Core: the InputFilter::getInstance() method omits a security‑sensitive parameter from the instance cache key, enabling an issue in cache key construction. Affected component is the InputFilter object (core). The published metrics indicate a high impact on...
CVE-2026-9564
CVE-2026-9564 affects SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The vulnerability is located in the unknown function handling the file path /admin/?page=patients/view_patient, where manipulating the argument Remarks triggers a cross-site scripting (XSS) flaw. The i...
EUVD-2026-31864
A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross site scripting. Remote exploitation ...
CVE-2026-9564 SourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross site scripting
A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross site scripting. Remote exploitation ...
CVE-2026-47716
Bugsink is a self-hosted error tracking tool. In affected versions prior to 2.2.0, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...
CVE-2026-9544
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
CVE-2026-9542
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...
CVE-2026-9413
A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...
CVE-2026-9461
A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly...