CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 hours ago•3 views

CVE-2026-13350

CVE-2026-13350 involves incorrect permission checks during room creation, enabling an attacker to create room types they should not be allowed to create. Documented impact is limited to creation of restricted room types; CVSS v4.0 base score is 2.3 (LOW) with network attack vector and high comple...

2.3CVSS5.8AI score

EUVD•added 9 hours ago•5 views

EUVD-2026-39189

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...

7.5CVSS6AI score

Nuclei•added 12 hours ago•36 views

Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...

7.5CVSS7.2AI score0.15028EPSS

Exploits3References5

NVD•added yesterday•5 views

CVE-2026-9721

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS

CVE•added yesterday•5 views

CVE-2026-9721

CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...

4.3CVSS5.8AI score0.00103EPSS

EUVD•added yesterday•6 views

EUVD-2026-38658

4.3CVSS5.8AI score0.00103EPSS

Cvelist•added yesterday•24 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00103EPSS

Patchstack•added 2 days ago•5 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/06/09 2:58 a.m.•11 views

CVE-2026-11468

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=roomtypes. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.9AI score0.00214EPSS

EUVD•added 2026/06/08 12:30 a.m.•12 views

EUVD-2026-34999

4.8CVSS4.1AI score0.00214EPSS

Exploits0References7

NVD•added 2026/06/08 12:16 a.m.•14 views

CVE-2026-11468

4.8CVSS0.00214EPSS

CNNVD•added 2026/06/08 12:0 a.m.•7 views

SourceCodester Hospitals Patient Records Management System 跨站脚本漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a cross-site scripting vulnerability. This vulnerability stems...

4.8CVSS4.2AI score0.00214EPSS

CVE•added 2026/06/07 11:30 p.m.•30 views

CVE-2026-11468

SourceCodester Hospitals Patient Records Management System 1.0 is affected by CVE-2026-11468. The issue arises from unknown processing of the file path /admin/?page=room_types, where manipulating the argument room triggers a cross-site scripting (XSS) vulnerability. Exploitation is possible remot...

4.8CVSS4AI score0.00214EPSS

Vulnrichment•added 2026/06/07 11:30 p.m.•7 views

CVE-2026-11468 SourceCodester Hospitals Patient Records Management System page room_types cross site scripting

4.8CVSS3.9AI score0.00214EPSS

ATTACKERKB•added 2026/06/07 11:30 p.m.•9 views

CVE-2026-11468

4.8CVSS3.9AI score0.00214EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/06/07 11:30 p.m.•40 views

CVE-2026-11468 SourceCodester Hospitals Patient Records Management System page room_types cross site scripting

4.8CVSS0.00214EPSS

RedhatCVE•added 2026/06/07 8:58 p.m.•11 views

CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.4AI score0.00369EPSS

Exploits0References2

RedhatCVE•added 2026/06/06 6:43 p.m.•11 views

CVE-2026-11342

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

7.5CVSS5.5AI score0.00263EPSS