Lucene search
K

28897 matches found

Nuclei
Nuclei
added yesterday60 views

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

9.8CVSS7.3AI score0.09621EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday76 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7AI score0.21EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday73 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.2AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday59 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.3AI score0.04518EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday37 views

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

7.5CVSS7.4AI score0.15689EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday36 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.3AI score0.15806EPSS
Exploits3References5
OSV
OSV
added yesterday5 views

GO-2026-5919 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder...

5.4CVSS5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added yesterday11 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
OSV
OSV
added yesterday4 views

GO-2026-5876 Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher

Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

9.4CVSS5.9AI score0.00319EPSS
Exploits0References4
NVD
NVD
added 2 days ago6 views

CVE-2025-15668

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpddelentry of the file src/isomedia/boxcodebase.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The...

4.8CVSS0.00124EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

6.1AI score0.00236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago11 views

CVE-2026-10657

The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...

5.3CVSS6.2AI score0.00226EPSS
Exploits1References2Affected Software1
NVD
NVD
added 3 days ago5 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 3 days ago5 views

CVE-2026-14752

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function adddefinition of the file application/PHP/objects/notes/addintodictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

5.1CVSS0.00203EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-14746

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41708

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-55798

Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote cross-site scripting issue exists due to improper manipulation of the argument reference within the add definition function located in the...

5.1CVSS5.7AI score0.00203EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-14685 HdrHistogram AbstractHistogram AbstractHistogram.java recordValueWithCount state issue

A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack c...

4.8CVSS0.00118EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-14624

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is public...

5.3CVSS0.00317EPSS
Exploits0References8
NVD
NVD
added 4 days ago8 views

CVE-2026-14623

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS0.00522EPSS
Exploits0References8
Rows per page
Query Builder