Lucene search
K

5629 matches found

Nuclei
Nuclei
added yesterday53 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday11 views

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-15137 code-projects Interview Management System View.php sql injection

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-15137

CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago6 views

CVE-2026-15135 code-projects Online Food Order System edit_food_items.php sql injection

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 2 days ago7 views

CVE-2026-15135

The CVE-2026-15135 describes a SQL injection in code-projects Online Food Order System 1.0, affecting edit_food_items.php. The flaw arises from unsafely handling the update parameter, enabling remote exploitation. Public exploit availability is indicated, with CVSS metrics showing high impact on ...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00251EPSS
Exploits0References3
CVE
CVE
added 2 days ago22 views

CVE-2026-7492

GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...

5.3CVSS6AI score0.00251EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-8472 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 2 days ago31 views

CVE-2026-8472

CVE-2026-8472 affects GitLab Enterprise Edition and reports a privilege/authorization issue where an authenticated user with minimal access could read work item metadata from private projects. The root cause is missing authorization checks, enabling unintended metadata access. Affected versions i...

4.3CVSS6AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-56778

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-56775 n8n - Incorrect OAuth Scope Validation in Evaluation Test Runs Endpoints

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...

5.4CVSS0.00176EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago237 views

GitLab CE/EE - Remote Code Execution

GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modi...

9.9CVSS7.6AI score0.76884EPSS
Exploits0References5
CVE
CVE
added 3 days ago13 views

CVE-2026-14868

The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago9 views

CVE-2026-14769

The CVE-2026-14769 entry concerns code-projects Real State Services 1.0. A vulnerability in processing the file /pay.php allows manipulation of the Bankname parameter that leads to a SQL injection. The issue appears to be exploitable remotely and public exploit details are available. Metrics indi...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-14769 code-projects Real State Services pay.php sql injection

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago24 views

CVE-2026-14763 code-projects Hotel and Tourism Reservation Tour Reservations tour_reserves.php sql injection

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tourreserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit ha...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 5 days ago14 views

CVE-2026-14762

Technical details about CVE-2026-14762 are not publicly available in the provided documents. Monitor for updates on affected product versions, affected component, and remediation.

7.5CVSS6.8AI score0.00269EPSS
Exploits1References6
Rows per page
Query Builder