Lucene search
+L

21592 matches found

Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-15517 Jinher OA PlanGiveOut.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...

7.5CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago12 views

EUVD-2026-43259

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 6 days ago15 views

CVE-2026-51537

OpENer 2.3.0 (commit 76b95cf) contains an out-of-bounds read in the Connection Manager when processing malformed ForwardOpen/LargeForwardOpen requests, allowing a remote attacker to trigger the issue over the network without authentication. Red Hat notes potential denial of service or information...

9.1CVSS6.1AI score0.00434EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-15508

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS0.00333EPSS
Exploits0References5
NVD
NVD
added last week12 views

CVE-2026-15507

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/12 12:30 p.m.33 views

CVE-2026-15501 AstrBotDevs AstrBot MCP Test Endpoint tools.py ToolsRoute.test_mcp_connection server-side request forgery

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/07/12 12:16 p.m.10 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/12 11:45 a.m.8 views

EUVD-2026-43221

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/07/12 10:30 a.m.17 views

CVE-2026-15494

AMTT Hotel Broadband Operation System 1.0 contains a SQL injection flaw in an unknown function of file manager/network/switch_status.php. Manipulating the argument ID remotely can lead to SQL injection. An exploit has been published and may be used; vendor contact occurred with no response. Docum...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/12 10:15 a.m.33 views

CVE-2026-15493 Akpali9 Attendance-Management-System absent.php cross site scripting

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS0.00191EPSS
Exploits0References4
CVE
CVE
added 2026/07/12 10:15 a.m.14 views

CVE-2026-15493

The CVE-2026-15493 entry concerns Akpali9 Attendance-Management-System. Vulnerability context: absent.php processing is affected, enabling cross-site scripting via manipulation of the export_date argument. Impact is stated as remote initiation with low to moderate risk indicators depending on the...

5.1CVSS4.8AI score0.00191EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/12 9:45 a.m.36 views

CVE-2026-15491 RafyMrX TOKO-ONLINE-ROTI missing authentication

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain...

7.5CVSS0.00627EPSS
Exploits0References4
NVD
NVD
added 2026/07/12 9:16 a.m.5 views

CVE-2026-15489

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/07/12 9:0 a.m.15 views

CVE-2026-15489

The CVE-2026-15489 entry describes a SQL injection in RafyMrX TOKO-ONLINE-ROTI (up to commit ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99) via an input in the file proses/login.php where the Username argument is manipulated. The vulnerability is exploitable remotely, with a publicly available exploit...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/12 9:0 a.m.10 views

EUVD-2026-43211

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/12 5:0 a.m.40 views

CVE-2026-15479 H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function changepasswd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/07/12 4:30 a.m.15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/07/12 2:16 a.m.12 views

CVE-2026-15471

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pcidssstatus.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. Th...

5.3CVSS0.00207EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/12 1:15 a.m.41 views

CVE-2026-15472 Eleveo Call Recording Software composeEmailAction.do improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00207EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/12 1:0 a.m.7 views

EUVD-2026-43193

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pcidssstatus.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. Th...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References5
Rows per page
Query Builder