Lucene search
K

21452 matches found

Nuclei
Nuclei
added 16 hours ago29 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS5.3AI score0.22002EPSS
Exploits4References5
Nuclei
Nuclei
added 16 hours ago55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago166 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS6.9AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago81 views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

10CVSS7.2AI score0.68293EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago85 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7AI score0.14759EPSS
Exploits2
NVD
NVD
added 17 hours ago6 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
added 17 hours ago7 views

CVE-2026-15676 code-projects Online Job Portal DeleteUser.php sql injection

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS
Exploits0References6
CVE
CVE
added 17 hours ago11 views

CVE-2026-15676

CVE-2026-15676 affects code-projects Online Job Portal (

7.5CVSS6.7AI score
Exploits0References6
EUVD
EUVD
added 18 hours ago4 views

EUVD-2026-43622

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/addjudges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

6.5CVSS6.5AI score
Exploits0References6
NVD
NVD
added 18 hours ago6 views

CVE-2026-15629

A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following. It is possible to launch the attack remotely. The...

6.5CVSS
Exploits0References6
NVD
NVD
added 19 hours ago8 views

CVE-2026-15626

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...

6.5CVSS
Exploits0References7
EUVD
EUVD
added 21 hours ago5 views

EUVD-2026-43614

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS6.4AI score
Exploits0References12
CVE
CVE
added 22 hours ago8 views

CVE-2026-15624

Summary: CVE-2026-15624 affects nextlevelbuilder GoClaw 3.13.3-beta.3. The vulnerability is in the function bytePlusDownloadVideo (internal/tools/create_video_byteplus.go) of the invoke Endpoint. By manipulating the argument output.video_url, an attacker can trigger a server-side request forgery....

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 22 hours ago5 views

EUVD-2026-43613

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 23 hours ago3 views

EUVD-2026-43561

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is...

5.3CVSS4.7AI score
Exploits0References7
NVD
NVD
added yesterday4 views

CVE-2026-15596

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is...

5.3CVSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-15557

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
NVD
NVD
added yesterday5 views

CVE-2026-15546

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS0.0105EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15546 Shibby Tomato start_jffs2 sub_2D568 os command injection

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS0.0105EPSS
Exploits0References5
Rows per page
Query Builder