Lucene search
K

105521 matches found

NVD
NVD
added 2026/04/28 10:16 p.m.26 views

CVE-2026-37750

A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...

6.1CVSS0.0037EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/28 8:45 p.m.7 views

EUVD-2026-26155

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...

5.9CVSS5.7AI score0.00185EPSS
Exploits0References4
CVE
CVE
added 2026/04/28 6:45 p.m.13 views

CVE-2026-7297

SourceCodester Pizzafy Ecommerce System 1.0 contains a cross-site scripting flaw in the save_user function at /admin/ajax.php?action=save_user. Manipulating the Name argument can trigger XSS; the attack can be executed remotely and exploit information is publicly disclosed. The connected document...

4.8CVSS3.2AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 6:45 p.m.35 views

CVE-2026-7297 SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

4.8CVSS0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.6 views

CVE-2026-31255

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

9.8CVSS5.8AI score0.01121EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.3 views

CVE-2024-46636

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

9.4CVSS5.6AI score0.00331EPSS
Exploits1References1
CVE
CVE
added 2026/04/28 6:30 p.m.9 views

CVE-2026-7296

SourceCodester Pizzafy Ecommerce System 1.0 contains an XSS vulnerability in the admin/ajax.php?action=save_order function, triggered by manipulation of the first_name argument. Remote exploitation is possible and exploits have been published. No remediation or patch details are provided in the s...

4.8CVSS3.6AI score0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 6:30 p.m.6 views

EUVD-2026-26146

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

4.8CVSS3.5AI score0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/28 6:19 p.m.8 views

CVE-2021-36438

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...

6.5CVSS5.7AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 6:15 p.m.15 views

CVE-2026-7295

CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...

4.8CVSS3.3AI score0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:15 p.m.3 views

CVE-2026-7295

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

4.8CVSS3.1AI score0.00206EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/28 6:9 p.m.11 views

CVE-2026-41395

OpenClaw prior to 2026.3.28 is affected by a webhook replay vulnerability in Plivo V3 signature verification. The system canonicalizes query ordering for signatures but hashes the raw verification URL for replay detection, allowing an attacker who captures a valid signed webhook to reorder query ...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.26 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2026/04/28 3:16 p.m.8 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS0.22189EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/28 2:15 p.m.2 views

CVE-2026-7283 SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

5.8CVSS5.1AI score0.00263EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:43 p.m.4 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS5.9AI score0.22189EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:15 p.m.4 views

CVE-2026-7281

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...

4.8CVSS3AI score0.00206EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 1:15 p.m.4 views

CVE-2026-7281 SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...

4.8CVSS3AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 1:15 p.m.14 views

CVE-2026-7281

CVE-2026-7281 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vuln is in the supplier function of /index.php?page=supplier, where manipulating the Name argument triggers cross-site scripting. It can be exploited remotely and the exploit has been publicly disclosed. CVSS data i...

4.8CVSS3.2AI score0.00206EPSS
Exploits0References5
Rows per page
Query Builder