Lucene search
K

21524 matches found

Nuclei
Nuclei
added 13 hours ago55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago85 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7AI score0.14759EPSS
Exploits2
EUVD
EUVD
added 17 hours ago5 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score
Exploits0References7
CVE
CVE
added yesterday6 views

CVE-2026-15777

CVE-2026-15777 – Use-after-free in the Chrome UI on Linux prior to 150.0.7871.125 can allow a remote attacker to induce heap corruption by tricking a user into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome (Linux UI subsystem). Root cause: use-after-free ...

7.5CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-15773

CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...

9.6CVSS6.2AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-15703 SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15701 Totolink NR1800X lighttpd formLogout.htm Form_Logout stack-based overflow

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. Affected by this issue is the function FormLogout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out...

10CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday17 views

CVE-2026-15700 DedeCMS Album Publishing Feature zip.class.php ExtractFile path traversal

A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal. The attack can be executed remotely...

5.8CVSS
Exploits0References5
CVE
CVE
added yesterday13 views

CVE-2026-15692

CVE-2026-15692 affects Tenda BE12 Pro firmware 16.03.66.23. The vulnerability lies in the fromSafeUrlFilter function within /goform/SafeUrlFilter, where manipulating the argument page can cause a stack-based buffer overflow. This can be exploited remotely, and public exploits are available. Conne...

9CVSS7.4AI score
Exploits0References6
Nuclei
Nuclei
added yesterday81 views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

10CVSS7.2AI score0.68293EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday166 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS6.9AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday29 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
NVD
NVD
added yesterday6 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday20 views

CVE-2026-15676 code-projects Online Job Portal DeleteUser.php sql injection

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added yesterday12 views

CVE-2026-15676

CVE-2026-15676 affects code-projects Online Job Portal (

7.5CVSS6.7AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-43622

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday25 views

CVE-2026-15672 itsourcecode Electronic Judging System add_judges.php sql injection

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15629

A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following. It is possible to launch the attack remotely. The...

6.5CVSS0.00288EPSS
Exploits0References6
NVD
NVD
added yesterday8 views

CVE-2026-15626

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...

6.5CVSS0.00294EPSS
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-43614

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS6.4AI score0.0028EPSS
Exploits0References12
Rows per page
Query Builder