Lucene search
41187 matches found

CVE
added 2026/03/31 6:30 p.m. | 9 views

CVE-2026-5209

CVE-2026-5209 affects SourceCodester Leave Application System 1.0; the vulnerability lies in the User Management Handler, enabling cross-site scripting. The attack could be launched remotely and public exploit information is available. No remediation details are provided in the supplied documents.

CVSS 4.8 | AI score 4.2 | EPSS 0.00253
Exploits 0 | References 5

Vulnrichment
added 2026/03/31 6:30 p.m. | 4 views

CVE-2026-5209 SourceCodester Leave Application System User Management cross site scripting

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVSS 4.8 | AI score 4.1 | EPSS 0.00253
Exploits 0 | References 5

Vulnrichment
added 2026/03/31 5:30 p.m. | 5 views

CVE-2026-5206 code-projects Simple Gym Management System Payment sql injection

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Paymentid/Amount/customerid/paymenttype/customername leads to sql injection. Remote exploitation...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits 0 | References 5

NVD
added 2026/03/31 5:16 p.m. | 13 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

CVSS 6.5 | EPSS 0.00259
Exploits 0 | References 3

Cvelist
added 2026/03/31 4:30 p.m. | 28 views

CVE-2026-5205 chatwoot Webhook API trigger.rb Trigger server-side request forgery

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

CVSS 6.5 | EPSS 0.00259
Exploits 0 | References 3

CVE
added 2026/03/31 4:30 p.m. | 11 views

CVE-2026-5205

The CVE-2026-5205 vulnerability affects chatwoot up to version 4.11.2, specifically the Webhooks::Trigger function in lib/webhooks/trigger.rb of the Webhook API. The root cause is manipulation of the argument url, enabling server-side request forgery (SSRF). The issue is exploitable remotely, wit...

CVSS 6.5 | AI score 6.4 | EPSS 0.00259
Exploits 0 | References 3

ATTACKERKB
added 2026/03/31 4:30 p.m. | 2 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

CVSS 6.5 | AI score 5.6 | EPSS 0.00259
Exploits 0 | References 4

NVD
added 2026/03/31 4:16 p.m. | 7 views

CVE-2026-5203

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

CVSS 5.8 | EPSS 0.00317
Exploits 1 | References 4

NVD
added 2026/03/31 4:16 p.m. | 2 views

CVE-2026-5204

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CVSS 9 | EPSS 0.02475
Exploits 1 | References 5

Cvelist
added 2026/03/31 3:45 p.m. | 23 views

CVE-2026-5204 Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CVSS 9 | EPSS 0.02475
Exploits 1 | References 5

Vulnrichment
added 2026/03/31 3:45 p.m. | 5 views

CVE-2026-5204 Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CVSS 9 | AI score 6.5 | EPSS 0.02475
Exploits 1 | References 5

CVE
added 2026/03/31 3:45 p.m. | 10 views

CVE-2026-5204

The CVE-2026-5204 entry concerns the Tenda CH22 1.0.0.1 device. Affected is the function formWebTypeLibrary within /goform/webtypelibrary of the Parameter Handler. The input argument webSiteId can be manipulated to trigger a stack-based buffer overflow, exposing the device to remote exploitation....

CVSS 9 | AI score 7.8 | EPSS 0.02475
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2026/03/31 3:45 p.m. | 25 views

CVE-2026-5203 CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

CVSS 5.8 | EPSS 0.00317
Exploits 1 | References 4

ATTACKERKB
added 2026/03/31 3:45 p.m. | 4 views

CVE-2026-5203

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

CVSS 5.8 | AI score 5.5 | EPSS 0.00317
Exploits 1 | References 4

CVE
added 2026/03/31 3:45 p.m. | 10 views

CVE-2026-5203

CMS Made Simple

CVSS 5.8 | AI score 5.5 | EPSS 0.00317
Exploits 1 | References 4

CVE
added 2026/03/31 2:10 p.m. | 13 views

CVE-2026-33581

OpenClaw before 2026.3.24 contains a sandbox bypass in the message tool that allows reading arbitrary local files via the mediaUrl and fileUrl alias parameters, which bypass localRoots validation. Attack appears to be possible when routing file requests through unvalidated aliases to access files...

CVSS 8.6 | AI score 6 | EPSS 0.00555
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2026/03/31 12:31 p.m. | 5 views

EUVD-2026-17399

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 5.7 | EPSS 0.00344
Exploits 0 | References 6

EUVD
added 2026/03/31 12:31 p.m. | 3 views

EUVD-2026-17353

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 6

Cvelist
added 2026/03/31 11:0 a.m. | 28 views

CVE-2026-5198 code-projects Student Membership System Admin Login index.php sql injection

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

CVSS 7.5 | EPSS 0.00344
Exploits 0 | References 5

Cvelist
added 2026/03/31 10:0 a.m. | 25 views

CVE-2026-5197 code-projects Student Membership System delete_user.php sql injection

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | EPSS 0.00192
Exploits 0 | References 5