Lucene search
K

93342 matches found

Patchstack
Patchstack
added 2026/03/03 12:36 p.m.6 views

WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions = 5.9.1...

7.5CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/03 12:20 p.m.6 views

WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pets Club versions = 2.3...

9.8CVSS6AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/03 12:19 p.m.6 views

WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Handyman versions = 1.4.7...

9.8CVSS5.8AI score0.0051EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/03 1:48 a.m.4 views

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

4.9CVSS6AI score0.00276EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/03 1:21 a.m.7 views

EUVD-2026-9273

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

8.8CVSS6.5AI score0.00888EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.4 views

CVE-2026-26885

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...

6AI score0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/03 12:0 a.m.22 views

CVE-2026-26886

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manageservice.php...

0.0022EPSS
Exploits1References1
CVE
CVE
added 2026/03/03 12:0 a.m.11 views

CVE-2026-26888

Sourcecodester Pharmacy Point of Sale System v1.0 is affected by SQL Injection in /pharmacy/manage_stock.php. Root cause is unsanitized input in the SQL query. CVSS details (NVD) indicate a Network attack vector, Low base impact (C/L, I/N, A/N), with a base score of 2.7 and HIGH privileges requir...

2.7CVSS6AI score0.00284EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22949

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...

9.4CVSS6.2AI score0.01067EPSS
Exploits1References9
CVE
CVE
added 2026/03/03 12:0 a.m.10 views

CVE-2026-26885

CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...

2.7CVSS6AI score0.0022EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2026/03/03 12:0 a.m.4 views

Debian: Security Advisory (DSA-6154-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6AI score0.00573EPSS
Exploits4References2
Debian
Debian
added 2026/03/02 9:28 p.m.7 views

[SECURITY] [DSA 6154-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6154-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 02, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.9AI score0.00573EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/03/02 9:26 p.m.9 views

Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...

8.6CVSS6.3AI score0.00673EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/02 9:26 p.m.4 views

GHSA-37J7-56XC-C468 Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...

8.6CVSS6.3AI score0.00673EPSS
Exploits1References4
OSV
OSV
added 2026/03/02 8:49 p.m.5 views

GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8CVSS6AI score0.0151EPSS
Exploits1References5
NVD
NVD
added 2026/03/02 7:16 p.m.19 views

CVE-2026-26711

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php...

9.8CVSS0.00325EPSS
Exploits1References1
Veracode
Veracode
added 2026/03/02 6:38 p.m.7 views

Incorrect Authorization

Auth0-PHP is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of access tokens, where affected applications may accept ID tokens as Access tokens, and attackers can exploit this by manipulating the audience validation in access tokens...

7.5CVSS5.9AI score0.00368EPSS
Exploits0References13Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 3:50 p.m.4 views

CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...

7.7CVSS5.9AI score0.00364EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/02 3:50 p.m.30 views

CVE-2025-50199 Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openidurl parameter. This issue has been patched in version 1.11.30...

7.7CVSS0.00364EPSS
Exploits1References2
NVD
NVD
added 2026/03/02 3:16 p.m.6 views

CVE-2026-26694

code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...

9.8CVSS0.00496EPSS
Exploits1References1
Rows per page
Query Builder