41186 matches found

CVE
added 3 days ago, 13 views

CVE-2026-13512

Databend up to version 1.2.881 on HTTP is affected. The issue resides in Tenant Handler’s ClientSessionManager::state_key (src/query/service/src/servers/http/v1/session/client_session_manager.rs) and enables authorization bypass. Exploitation may be initiated remotely; a publicly available exploi...

CVSS 6.5, AI score 6.2, EPSS 0.0022
Exploits 0, References 6

Cvelist
added 3 days ago, 26 views

CVE-2026-13510 SimStudioAI sim Password Protection deployment.ts weak hash

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible...

CVSS 6.3, EPSS 0.00216
Exploits 0, References 7

CVE
added 3 days ago, 11 views

CVE-2026-13510

CVE-2026-13510 affects SimStudioAI sim up to 0.6.92. The vulnerability lies in the Password Protection Handler, specifically the file: apps/sim/lib/core/security/deployment.ts, where a manipulation leads to use of a weak hash. This can be exploited remotely with high attack complexity, and the ex...

CVSS 6.3, AI score 5, EPSS 0.00216
Exploits 0, References 7

ATTACKERKB
added 3 days ago, 5 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

CVSS 5, AI score 5.5, EPSS 0.00138
Exploits 0, References 8, Affected Software 1

CVE
added 3 days ago, 8 views

CVE-2026-13507

Summary (CVE-2026-13507) Volcengine OpenViking up to 0.3.21 is affected in the Local VectorDB Primary-key Label Handler, specifically the str_to_uint64 function in openviking/storage/vectordb/utils/str_to_uint64.py. The issue arises from manipulating the argument ID, causing insufficient verifica...

CVSS 5, AI score 5.5, EPSS 0.00138
Exploits 0, References 7

EUVD
added 3 days ago, 9 views

EUVD-2026-40001

A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be...

CVSS 6.9, AI score 5.7, EPSS 0.0055
Exploits 0, References 5

CVE
added 3 days ago, 15 views

CVE-2026-13503

CVE-2026-13503 affects antlr ANTLR4 up to 4.13.2. The vulnerability resides in the function getImportedVocabFile of tokenVocab Grammar Option Handler, specifically in TokenVocabParser.java, enabling a path traversal vulnerability. It can be exploited remotely and the exploit is public. The vendor...

CVSS 6.9, AI score 5.7, EPSS 0.0055
Exploits 0, References 5

Nuclei
added 3 days ago, 9 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

CVSS 9.8, AI score 6.7, EPSS 0.03766
Exploits 1, References 2

Nuclei
added 3 days ago, 128 views

Ruijie RG-EW1200G Router Background - Login Bypass

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS 8.8, AI score 6.5, EPSS 0.56147
Exploits 5, References 5

Nuclei
added 3 days ago, 10 views

PHPGurukul Hospital Management System 4.0 - SQL Injection

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information. id: CVE-2020-22165 info: name: PHPGurukul Hospital Management System 4.0 - SQL Injection...

CVSS 7.5, AI score 7.2, EPSS 0.06348
Exploits 1, References 2

Cvelist
added 3 days ago, 30 views

CVE-2026-13500 antlr ANTLR4 Grammar Action Block OutputFile.java code injection

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

CVSS 7.5, EPSS 0.00311
Exploits 0, References 5

EUVD
added 3 days ago, 9 views

EUVD-2026-39998

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

CVSS 7.5, AI score 5.6, EPSS 0.00311
Exploits 0, References 5

NVD
added 3 days ago, 7 views

CVE-2026-13495

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

CVSS 5.8, EPSS 0.00214
Exploits 0, References 6

Cvelist
added 3 days ago, 26 views

CVE-2026-13499 yashpokharna2555 restaurent-management-system Registration login_register.php cross site scripting

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiat...

CVSS 5.3, EPSS 0.00278
Exploits 0, References 6

CVE
added 3 days ago, 11 views

CVE-2026-13499

CVE-2026-13499 concerns a cross-site scripting flaw in the yashpokharna2555 restaurent-management-system, affecting the Registration Handler’s login_register.php. Manipulating the Username argument enables an XSS condition, with remote initiation possible. The exploit has been publicly released; ...

CVSS 5.3, AI score 4.4, EPSS 0.00278
Exploits 0, References 6

Cvelist
added 3 days ago, 30 views

CVE-2026-13497 itsourcecode Hospital Management System appointment.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /appointment.php. This manipulation of the argument editid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVSS 6.5, EPSS 0.00204
Exploits 0, References 6

EUVD
added 3 days ago, 8 views

EUVD-2026-39994

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...

CVSS 6.5, AI score 6.5, EPSS 0.00204
Exploits 0, References 6

NVD
added 3 days ago, 8 views

CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

CVSS 6.3, EPSS 0.00309
Exploits 0, References 4

NVD
added 3 days ago, 7 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

CVSS 3.1, EPSS 0.00228
Exploits 0, References 7

EUVD
added 3 days ago, 9 views

EUVD-2026-39993

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

CVSS 5.8, AI score 5.7, EPSS 0.00214
Exploits 0, References 6