Lucene search
K

105519 matches found

CVE
CVE
added 2026/04/29 3:45 p.m.8 views

CVE-2026-7390

The CVE affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the Customer function of /index.php?page=customer, where manipulating the Name parameter yields cross-site scripting (XSS). Attack surface is remote with a public exploit. No remediation details a...

5.1CVSS3.7AI score0.00195EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/29 3:45 p.m.4 views

CVE-2026-7390 SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

5.1CVSS3.5AI score0.00195EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/29 3:45 p.m.7 views

EUVD-2026-26253

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

5.1CVSS3.6AI score0.00195EPSS
Exploits0References5
OSV
OSV
added 2026/04/29 3:30 p.m.9 views

GHSA-FM6C-RHCF-7439 Cockpit is vulnerable to arbitrary code execution

Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

9.8CVSS6.3AI score0.00426EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.11 views

Cockpit is vulnerable to arbitrary code execution

Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

9.8CVSS6.3AI score0.00426EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/29 3:30 p.m.4 views

CVE-2026-7389

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/04/29 3:16 p.m.5 views

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

7.5CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 3:16 p.m.5 views

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

9.8CVSS0.00426EPSS
Exploits0References2
NVD
NVD
added 2026/04/29 3:16 p.m.5 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

9.8CVSS0.01127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.5 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.3 views

CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

5.3CVSS5.7AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.10 views

CVE-2026-7218

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function iscmdstringvalid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out...

8.6CVSS7.6AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.7 views

CVE-2026-7248

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

10CVSS9.1AI score0.02154EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.6 views

CVE-2026-7122

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS8.2AI score0.01766EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 2:30 p.m.3 views

CVE-2026-7384

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

7.5CVSS7.2AI score0.00418EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/29 12:33 p.m.12 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25551 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.4)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

5.3CVSS5.7AI score0.00341EPSS
Exploits0
OSV
OSV
added 2026/04/29 9:59 a.m.6 views

CLSA-2026-1777456776 glibc: Fix of CVE-2021-35942

CVE-2021-35942: fix integer overflow in wordexp positional parameter number...

9.1CVSS6.8AI score0.02678EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 a.m.5 views

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 a.m.4 views

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:37 a.m.15 views

CVE-2026-3325

MegaCMS v12.0.0 is affected by a SQL injection in the /web_comunications/cms/get_provincias endpoint, via the POST parameter id_territorio after the registration form submission. The vulnerability stems from insufficient validation/sanitisation of user input, allowing an unauthenticated attacker ...

10CVSS6.2AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder