Lucene search
K

93385 matches found

OSV
OSV
added 2026/02/22 11:16 a.m.5 views

CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

9.8CVSS5.8AI score0.04471EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/22 10:32 a.m.27 views

CVE-2026-2943 SapneshNaik Student Management System index.php cross site scripting

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit i...

5.3CVSS0.00263EPSS
Exploits0References4
CVE
CVE
added 2026/02/22 8:32 a.m.17 views

CVE-2026-2938

The CVE-2026-2938 entry relates to SourceCodester Student Result Management System 1.0, affecting the file /srms/script/admin/core/update_smtp.php. The root cause is an unspecified function allowing improper access controls, enabling remote initiation of an attack. Public exploit disclosure is no...

7.5CVSS6.8AI score0.00567EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/22 7:32 a.m.12 views

CVE-2026-2933

YiFang CMS

4.8CVSS3.2AI score0.00198EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2019-25451

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

8.8CVSS5.3AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.8 views

CVE-2026-2035

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

6.8CVSS6.5AI score0.01535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.4 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8CVSS6.1AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2026/02/22 12:31 a.m.5 views

GHSA-5M2G-4CF6-C3RG funadmin has Incorrect Privilege Assignment in its Configuration Handler

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.3CVSS5.3AI score0.00286EPSS
Exploits1References6
OSV
OSV
added 2026/02/22 12:15 a.m.4 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

5.3CVSS5.4AI score
Exploits0References5
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.6 views

Code-Projects Online Reviewer System SQL注入漏洞

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters named testid in...

9.8CVSS7.2AI score0.0033EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.4 views

PT-2026-21451

Name of the Vulnerable Software and Affected Versions Vaelsys version 4.1.0 Description A flaw exists in Vaelsys 4.1.0 related to the HTTP POST Request Handler component. Specifically, manipulation of the xajaxargs argument within a request to the file '/tree/tree server.php' can lead to operatin...

9.8CVSS7.3AI score0.05403EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.6 views

PT-2026-21435

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand reason id, and availability id in...

7.1CVSS5.9AI score0.0031EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.6 views

PT-2026-21434

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

8.8CVSS6AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/21 11:32 p.m.6 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

7.5CVSS5.3AI score0.00286EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/21 11:2 p.m.29 views

CVE-2026-2895 funadmin Member.php repass password recovery

A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...

6.3CVSS0.00392EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:31 p.m.15 views

CVE-2025-69322

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through 1.5.9...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-69402

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX R rf allows PHP Local File Inclusion.This issue affects R: from n/a through = 1.5...

8.1CVSS5.5AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-69409

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through = 3.0.0...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-69373

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through = 2.9.9.9.9.9.7...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.9 views

CVE-2025-69398

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through = 1.7...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
Rows per page
Query Builder