Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

104872 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 6:49 p.m.6 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS5.6AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 6:48 p.m.4 views

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.7AI score0.00276EPSS
Exploits0References1
NVD
NVDadded 2026/06/05 6:17 p.m.9 views

CVE-2026-11344

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...

7.5CVSS0.00354EPSS
Exploits0References6
NVD
NVDadded 2026/06/05 6:17 p.m.8 views

CVE-2026-11342

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVEadded 2026/06/05 6:6 p.m.19 views

CVE-2026-45750

Summary: CVE-2026-45750 affects Termix prior to 2.3.2. The flaw is in the GET /ssh/file_manager/ssh/resolvePath endpoint of the Termix File Manager, where the path parameter is embedded into a shell command executed in the active SSH session. User-controlled input is placed inside double quotes w...

9CVSS5.5AI score0.00234EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2026/06/05 5:16 p.m.10 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS0.00273EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/05 5:15 p.m.5 views

CVE-2026-11344 code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...

7.5CVSS6.8AI score0.00354EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/05 5:0 p.m.28 views

CVE-2026-11342 code-projects Hotel and Tourism Reservation System details.php sql injection

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

7.5CVSS0.00412EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/06/05 5:0 p.m.6 views

CVE-2026-11342

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

7.5CVSS7AI score0.00412EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/06/05 5:0 p.m.7 views

EUVD-2026-34864

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/05 4:30 p.m.8 views

EUVD-2026-34859

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

6.5CVSS5.4AI score0.02681EPSS
Exploits1References6
EUVD
EUVDadded 2026/06/05 4:15 p.m.9 views

EUVD-2026-34856

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.8AI score0.0021EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/05 4:15 p.m.6 views

CVE-2026-11338 SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.6AI score0.0021EPSS
Exploits0References6
NVD
NVDadded 2026/06/05 2:16 p.m.6 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS0.00324EPSS
Exploits2References2
Cvelist
Cvelistadded 2026/06/05 1:24 p.m.35 views

CVE-2026-50233 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS0.00294EPSS
Exploits2References2
CVE
CVEadded 2026/06/05 1:24 p.m.14 views

CVE-2026-50230

Lyrion Music Server 9.2.0 is affected by an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint . The issue allows attackers to inject arbitrary HTML and JavaScript through the search parameter , enabling code execution in users’ browsers within the context of ...

6.1CVSS5.6AI score0.00324EPSS
Exploits2References2
Vulnrichment
Vulnrichmentadded 2026/06/05 1:24 p.m.5 views

CVE-2026-50230 Lyrion Music Server 9.2.0 Reflected XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00324EPSS
Exploits2References2
Cvelist
Cvelistadded 2026/06/05 1:24 p.m.36 views

CVE-2026-50230 Lyrion Music Server 9.2.0 Reflected XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS0.00324EPSS
Exploits2References2
EUVD
EUVDadded 2026/06/05 1:24 p.m.7 views

EUVD-2026-34829

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00324EPSS
Exploits2References2
ATTACKERKB
ATTACKERKBadded 2026/06/05 1:24 p.m.6 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS5.6AI score0.00324EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder