41189 matches found
CVE-2026-13570
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
CVE-2026-13569
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-13565
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
CVE-2026-13566
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
EUVD-2026-40095
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
CVE-2026-13570
The CVE-2026-13570 entry concerns SourceCodester Inventory Management System 1.0 and affects the User Registration Endpoint, specifically the /api/users_handler.php function where manipulating the full_name parameter leads to cross-site scripting. The vulnerability is exploitable remotely, with p...
CVE-2026-13569
The CVE-2026-13569 entry concerns weng-xianhu EyouCMS (up to version 1.7.1). A vulnerability in the API’s /index.php processing of the click_like argument enables SQL injection. The issue can be exploited remotely and public exploit information has been disclosed. The documents do not provide a p...
CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...
EUVD-2026-40089
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-13567
The CVE-2026-13567 entry affects code-projects Online Music Site 1.0 in the POST Request Handler’s /Frontend/Feedback.php. An attacker can manipulate parameters fname, femail, faddress, or fmessage to trigger cross-site scripting. The issue is remote-present with a publicly released exploit (Proo...
CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting
A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...
CVE-2026-13561
A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote...
CVE-2026-13562
A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...
CVE-2026-13564
A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely...
CVE-2026-13563
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-13566
SourceCodester Class and Exam Timetabling System 1.0 contains an SQL injection in the /preview3.php script triggered by manipulating the course_year_section parameter. The issue is exploitable remotely, with a publicly available exploit. The provided documents do not specify the vulnerable hostin...
EUVD-2026-40077
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-13566 SourceCodester Class and Exam Timetabling System preview3.php sql injection
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-13565
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
EUVD-2026-40075
A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in stack-based buffer overflow. The attack can be initiated remotely...