Lucene search
K

2325 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.14 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 6:30 p.m.10 views

EUVD-2026-35185

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References8
CVE
CVE
added 2026/06/08 3:30 p.m.30 views

CVE-2026-11529

The CVE-2026-11529 affects the mysql_mcp_server component of the designcomputer project, specifically the read_resource function in src/mysql_mcp_server/server.py. The issue is a SQL injection caused by improper handling of the uri_str argument, leading to remote exploitation. Public exploit info...

6.5CVSS5.2AI score0.00205EPSS
Exploits0References8
NVD
NVD
added 2026/06/08 12:16 p.m.14 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:15 p.m.8 views

CVE-2026-11513

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/08 11:45 a.m.41 views

CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS0.00191EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:30 a.m.12 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/08 11:0 a.m.12 views

EUVD-2026-35045

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 5:16 a.m.33 views

CVE-2026-11489

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS0.00275EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 5:0 a.m.26 views

CVE-2026-11490

CVE-2026-11490 affects code-projects Online Music Site 1.0. A vulnerability in processing the Category argument in /Frontend/Search.php enables SQL injection. Exploitation can be performed remotely, and public disclosure of the exploit is noted in the sources. Connected documents (Attackerkb and ...

7.5CVSS7AI score0.0029EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a vacation management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability stems from the handling of the leavetype parameter in the file /admin/deleteleavetype.php,...

6.5CVSS6.6AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

MySQL MCP Server 注入漏洞

The MySQL MCP Server is a security connection tool developed by Dana K. Williams. It allows interaction between AI and MySQL databases. Versions of the MySQL MCP Server prior to 0.2.2 have a vulnerability due to improper handling of the parameter uristr in the readresource function of the...

6.5CVSS6.6AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.32 views

PT-2026-47252

Name of the Vulnerable Software and Affected Versions Online Music Site version 1.0 Description An issue exists in the processing of the '/Frontend/Search.php' endpoint. Manipulation of the Category argument allows for SQL injection, which is a technique used to execute malicious SQL statements...

7.5CVSS7.3AI score0.0029EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/06/07 7:45 a.m.10 views

CVE-2026-11457 erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
CVE
CVE
added 2026/06/07 7:45 a.m.43 views

CVE-2026-11457

CVE-2026-11457 affects erzhongxmu JeeWMS, specifically the JimuReport test-connection endpoint’s file /base-boot/jmreport/testConnection. The vulnerability arises from injectable parameters in dbType, dbDriver, dbUrl, dbUsername, and dbPassword, enabling injection via crafted input. Remote exploi...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:43 a.m.9 views

SUSE CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...

8.1CVSS5.6AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/06/07 3:16 a.m.17 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS0.01582EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/07 2:30 a.m.32 views

CVE-2026-11450 GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS0.01572EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.23 views

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.18 views

PT-2026-47178

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf dump systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly...

7.5CVSS7AI score0.0026EPSS
Exploits0References6
Rows per page
Query Builder