CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

875 matches found

Purchase Order Management v1.0 - SQL Injection

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

9.8CVSS6.6AI score0.73794EPSS

Exploits1References5

Nuclei•added yesterday•14 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.2AI score0.27387EPSS

Exploits1References4

HackRead•added 3 days ago•9 views

Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives

Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/05/21 6:46 a.m.•6 views

Malicious code in wdt-erpmcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec852c69947e2a2575ae37ce4a442a67dc01f7328c0c603b94c87aa84803623f wdt-erpmcp advertises itself as a generic MCP wrapper over the caller's Wangdian Tongda WDT ERP, and three of its four tools correctly read WDTAPPKEY...

5.8AI score

Exploits0References3

RedhatCVE•added 2026/05/11 8:27 p.m.•3 views

CVE-2026-8218

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchasereturnsave. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the...

4.8CVSS4.1AI score0.00032EPSS

Exploits0References1

NVD•added 2026/05/11 12:16 a.m.•8 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS0.0003EPSS

Exploits0References4

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

4.8CVSS5.6AI score0.0003EPSS

Exploits0References1

EUVD•added 2026/05/10 11:30 p.m.•7 views

EUVD-2026-29008

4.8CVSS4.2AI score0.0003EPSS

Exploits0References4

CVE•added 2026/05/10 11:30 p.m.•10 views

CVE-2026-8253

Devs Palace ERP Online (up to v4.0.0) contains an XSS vulnerability in the /inventory/purchase_save functionality. The issue arises from manipulation of an unknown component, allowing remote initiation of an attack. Exploit appears to be public. Vendor has not responded to disclosures. No remedia...

4.8CVSS4.2AI score0.0003EPSS

Exploits0References4

Cvelist•added 2026/05/10 11:30 p.m.•29 views

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

4.8CVSS0.0003EPSS

Exploits0References4

ATTACKERKB•added 2026/05/10 11:30 p.m.•6 views

CVE-2026-8253

4.8CVSS4.2AI score0.0003EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/10 11:30 p.m.•4 views

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

4.8CVSS4.2AI score0.0003EPSS

Exploits0References4

OSV•added 2026/05/10 10:0 a.m.•0 views

MAL-2026-3412 Malicious code in post-purchase-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a33aa69ef958573a786f3db208d8ee335829e14009d1fdafecbc842ed493b8b The package post-purchase-bundler was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/05/10 10:0 a.m.•5 views

Malicious code in post-purchase-bundler (npm)

5.8AI score

Exploits0

EUVD•added 2026/05/10 3:33 a.m.•6 views

EUVD-2026-28954

4.8CVSS4.1AI score0.00032EPSS

Exploits0References6

NVD•added 2026/05/10 2:16 a.m.•7 views

CVE-2026-8218

4.8CVSS0.00032EPSS

Exploits0References5

ATTACKERKB•added 2026/05/10 1:30 a.m.•1 views

CVE-2026-8218

4.8CVSS4.1AI score0.00032EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/10 1:30 a.m.•6 views

CVE-2026-8218

The CVE-2026-8218 entry concerns Devs Palace ERP Online (up to version 4.0.0). The vulnerability lies in an unknown function within the file /inventory/purchase_return_save, where input manipulation can trigger cross-site scripting. The issue is exploitable remotely and has public PoC/exploit ava...

4.8CVSS4.1AI score0.00032EPSS

Exploits0References5

Cvelist•added 2026/05/10 1:30 a.m.•33 views

CVE-2026-8218 Devs Palace ERP Online purchase_return_save cross site scripting

4.8CVSS0.00032EPSS

Exploits0References5

Vulnrichment•added 2026/05/10 1:30 a.m.•3 views

CVE-2026-8218 Devs Palace ERP Online purchase_return_save cross site scripting

4.8CVSS4.1AI score0.00032EPSS

Exploits0References5

Rows per page