Lucene search
K

41188 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-39993

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminprofile.php. The manipulation of the argument loginid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ...

5.8CVSS5.7AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-39992

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

3.1CVSS5.1AI score0.00232EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

3.1CVSS0.00232EPSS
Exploits0References7
NVD
NVD
added 3 days ago14 views

CVE-2026-13488

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
NVD
NVD
added 3 days ago10 views

CVE-2026-13487

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-39991

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS5AI score0.00411EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS0.00309EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago9 views

CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References5Affected Software1
CVE
CVE
added 3 days ago20 views

CVE-2026-13490

The CVE concerns glpi-project glpi versions 11.0.5/11.0.6/11.0.7. It affects the Document Handler, specifically Document::canViewFile in front/document.send.php. Manipulating the docid argument can bypass authorization, enabling a remote attack. The description notes high complexity and that expl...

6.3CVSS5.4AI score0.00309EPSS
Exploits0References4
CVE
CVE
added 3 days ago12 views

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-13488 SourceCodester Class and Exam Timetabling System preview7.php sql injection

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
NVD
NVD
added 3 days ago9 views

CVE-2026-13486

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument courseyearsection can lead to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVD
added 3 days ago10 views

CVE-2026-13485

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-39987

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 3 days ago13 views

CVE-2026-13487

CVE-2026-13487 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in an unknown function of /archive.php caused by manipulation of the sy argument. It can be exploited remotely, and public exploit code is available. The CVSS-derived metrics indicat...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-13486

SourceCodester Class and Exam Timetabling System 1.0/6.php contains a SQL injection vulnerability in the /preview6.php endpoint, triggered by manipulating the course_year_section parameter. Exploitation can be performed remotely, and public disclosure of the exploit is noted across CVE records (C...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-39985

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-13485 SourceCodester Class and Exam Timetabling System preview.php sql injection

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVD
added 3 days ago11 views

CVE-2026-13483

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
Rows per page
Query Builder