
41186 matches found

Cvelist
added 2 days ago, 32 views

CVE-2026-13542 itsourcecode Hospital Management System doctorprofile.php sql injection

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5 | EPSS 0.002
Exploits: 0 | References: 6
ATTACKERKB
added 2 days ago, 5 views

CVE-2026-13542

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 6 | Affected Software: 1
Nuclei
added 2 days ago, 13 views

WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to OS command injection...

CVSS 9.8 | AI score 6.6 | EPSS 0.09901
Exploits: 1 | References: 2
EUVD
added 2 days ago, 8 views

EUVD-2026-40038

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS 6.5 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 8
CVE
added 2 days ago, 10 views

CVE-2026-13540

GitBucket up to 4.46.1 is affected by a vulnerability in Git.cloneRepository.setURI (RepositoryCreationService.scala) that allows server-side request forgery when the argument url is manipulated. This can be exploited remotely. An exploit has been released publicly. The patch identified is 487a9b...

CVSS 6.5 | AI score 6.2 | EPSS 0.00227
Exploits: 0 | References: 8
EUVD
added 2 days ago, 6 views

EUVD-2026-40037

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be execut...

CVSS 9 | AI score 6.4 | EPSS 0.00466
Exploits: 0 | References: 6
CVE
added 2 days ago, 9 views

CVE-2026-13539

The CVE concerns Wavlink WL-NU516U1-A M16U1_V240425. The vulnerable component is the POST Parameter Handler in /cgi-bin/wireless.cgi, specifically function sub_407504, where manipulation of Guest_ssid causes a stack-based buffer overflow. This can be triggered remotely; exploitation is publicly a...

CVSS 9 | AI score 8 | EPSS 0.00466
Exploits: 0 | References: 6
Cvelist
added 2 days ago, 32 views

CVE-2026-13539 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow. The attack can be execut...

CVSS 9 | EPSS 0.00466
Exploits: 0 | References: 6
EUVD
added 2 days ago, 8 views

EUVD-2026-40035

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 5.3 | AI score 5.4 | EPSS 0.00162
Exploits: 0 | References: 6
Cvelist
added 2 days ago, 32 views

CVE-2026-13537 CodeAstro Human Resource Management System cross-site request forgery

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 5.3 | EPSS 0.00162
Exploits: 0 | References: 6
ATTACKERKB
added 2 days ago, 8 views

CVE-2026-13536

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...

CVSS 5.3 | AI score 4.2 | EPSS 0.00284
Exploits: 0 | References: 5
CVE
added 2 days ago, 11 views

CVE-2026-13536

CVE-2026-13536 affects GotoHTTP (up to 10.2). The issue is described as a cross-site scripting vulnerability in the handling of the /reg.12x file, caused by manipulation of the argument sn. Reported to be remotely initiable and publicly disclosed. The vendor states it removed an unnecessary URL p...

CVSS 5.3 | AI score 4.2 | EPSS 0.00284
Exploits: 0 | References: 5
Cvelist
added 2 days ago, 35 views

CVE-2026-13536 GotoHTTP reg.12x cross site scripting

A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...

CVSS 5.3 | EPSS 0.00284
Exploits: 0 | References: 5
EUVD
added 2 days ago, 7 views

EUVD-2026-40032

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to SQL injection. The attack...

CVSS 6.5 | AI score 6.4 | EPSS 0.00204
Exploits: 0 | References: 6
ATTACKERKB
added 2 days ago, 6 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to SQL injection. The attack...

CVSS 6.5 | AI score 6.4 | EPSS 0.00204
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2 days ago, 34 views

CVE-2026-13535 CodeAstro Human Resource Management System View Endpoint Employee_model.php GetFileInfo sql injection

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee_model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to SQL injection. The attack...

CVSS 6.5 | EPSS 0.00204
Exploits: 0 | References: 6
NVD
added 2 days ago, 9 views

CVE-2026-13529

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to SQL injection. The attack can be executed remotely. A high complexity level is associated with this attack...

CVSS 6.3 | EPSS 0.00239
Exploits: 0 | References: 5
EUVD
added 2 days ago, 6 views

EUVD-2026-40031

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

CVSS 5 | AI score 5.4 | EPSS 0.00199
Exploits: 0 | References: 7
Cvelist
added 2 days ago, 33 views

CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

CVSS 5 | EPSS 0.00199
Exploits: 0 | References: 7
CVE
added 2 days ago, 8 views

CVE-2026-13533

CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...

CVSS 6.9 | AI score 5.6 | EPSS 0.00286
Exploits: 0 | References: 5