Lucene search
K

42031 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15753

CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...

5.5CVSS5.9AI score
Exploits0References7
NVD
NVD
added yesterday2 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-15765

CVE-2026-15765 : Use-after-free in Ozone of Google Chrome prior to 150.0.7871.125. A remote attacker, tricking a user into specific UI gestures, could potentially exploit heap corruption via a crafted HTML page. The Chrome security update 150.0.7871.124/125 (Stable Channel) includes fixes for thi...

7.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-15696

CVE-2026-15696 : Affects Tenda BE12 Pro firmware version 16.03.66.23. The vulnerability lies in the fromVirtualSer function of the file /goform/VirtualSer, where manipulation of the argument page leads to a stack-based buffer overflow. It can be exploited remotely, and the exploit has been disclo...

9CVSS7.5AI score
Exploits0References6
CVE
CVE
added yesterday5 views

CVE-2026-15695

Affected software: Tenda BE12 Pro 16.03.66.23. Vulnerable component: function fromDhcpListClient in /goform/DhcpListClient. Root cause: manipulation of the argument page leads to a stack-based buffer overflow. Impact: remote attack with high severity (as reflected in CVSS metrics); attacker can e...

9CVSS7.5AI score
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-15691

The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...

9CVSS7.4AI score
Exploits0References6
Nuclei
Nuclei
added yesterday12 views

PHPGurukul Hospital Management System 4.0 - SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information. id: CVE-2020-22165 info: name: PHPGurukul Hospital Management System 4.0 - SQL Injection...

7.5CVSS7AI score0.06348EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday36 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS6.7AI score0.03766EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

9.8CVSS6.6AI score0.09901EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7AI score0.03948EPSS
Exploits6References3
CVE
CVE
added yesterday7 views

CVE-2026-15678

Code-projects Online Job Portal 1.0 is affected by a cross-site scripting vulnerability in the /Admin/DetailJob.php component. The issue arises from input handling in an unknown function, enabling remote attackers to exploit XSS. Exploit has been publicly disclosed and may be used. No remediation...

5.1CVSS4.6AI score0.00199EPSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-15675

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-43630

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-43629

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-15675

The vulnerability CVE-2026-15675 affects code-projects Online Job Portal 1.0. An unknown function in /Admin/EditUser.php processes the UserId argument, and manipulating it leads to SQL injection. It can be triggered remotely, and a published exploit exists. Impact targets confidentiality, integri...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-43623

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15675 code-projects Online Job Portal EditUser.php sql injection

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-15628

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...

6.5CVSS0.00219EPSS
Exploits0References8
CVE
CVE
added yesterday13 views

CVE-2026-15668

The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
Rows per page
Query Builder