Lucene search
K

6400 matches found

euvd
euvd
added 2026/07/05 1:0 p.m.7 views

EUVD-2026-41756

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/05 12:0 p.m.27 views

CVE-2026-14747 code-projects Real State Services addprojectsale.php sql injection

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
nvd
nvd
added 2026/07/05 8:16 a.m.7 views

CVE-2026-14725

A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00209EPSS
Exploits0References6
nvd
nvd
added 2026/07/05 8:16 a.m.9 views

CVE-2026-14721

A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried o...

9CVSS0.00447EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/05 7:15 a.m.9 views

CVE-2026-14721

A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried o...

9CVSS7.6AI score0.00447EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.14 views

PT-2026-55824

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course1.php file where the manipulation of the ID argument allows for SQL injection. This allows a remote attacker to interfere with the...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.10 views

PT-2026-55814

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Event Management Page component within the file /admin/add event.php. Remote manipulation of the fdetails argument allows for SQL injection, a technique...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References9
cve
cve
added 2026/07/04 6:15 p.m.18 views

CVE-2026-14640

CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/04 5:45 p.m.29 views

CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.002EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/04 3:45 p.m.6 views

CVE-2026-14633

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes...

5.3CVSS4.2AI score0.00288EPSS
Exploits0References7
nvd
nvd
added 2026/07/04 1:16 p.m.9 views

CVE-2026-14628

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS0.00551EPSS
Exploits1References5
cve
cve
added 2026/07/04 9:45 a.m.17 views

CVE-2026-14623

CVE-2026-14623 affects omec-project amf up to 2.1.1. The vulnerability lies in the NGAP Message Handler function RRCInactiveTransitionReport, where manipulation can cause a remote denial of service. Exploit code maturity is shown as PROOF-OF-CONCEPT, and a public exploit has been disclosed. A pat...

5.3CVSS5.5AI score0.00522EPSS
Exploits0References8
euvd
euvd
added 2026/07/04 8:45 a.m.10 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.12 views

PT-2026-55720

Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7 Description A remote attack can be initiated through the manipulation of the shopping cart argument in the getCartItems function within the...

8.8CVSS7.1AI score0.00598EPSS
Exploits0References12
nvd
nvd
added 2026/07/03 9:16 p.m.5 views

CVE-2026-14611

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS0.00253EPSS
Exploits0References8
nessus
nessus
added 2026/07/03 12:0 a.m.10 views

PHP 8.2.x < 8.2.32

The version of PHP installed on the remote host is prior to 8.2.32. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.32 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEV...

5.6CVSS6AI score0.00306EPSS
Exploits0References3
nessus
nessus
added 2026/07/03 12:0 a.m.7 views

PHP 8.5.x < 8.5.8

The version of PHP installed on the remote host is prior to 8.5.8. It is, therefore, affected by a vulnerability as referenced in the Version 8.5.8 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

5.6CVSS6AI score0.00306EPSS
Exploits0References3
euvd
euvd
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41175

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...

4.3CVSS5.9AI score0.00347EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Cleartext Transmission of Sensitive Information (CVE-2024-0066)

A researcher in the AXIS OS Bug Bounty Program has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. This issue does not apply if O3C is not used. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References2
Rows per page
Query Builder