
1258 matches found

AstraLinux
added 5 days ago | 4 views

Astra Linux – Vulnerability in Python-Django

Django versions prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 have a potential issue with directory traversal through django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default...

CVSS 4.9 | AI score 6.6 | EPSS 0.02737
Exploits: 0 | References: 2
NVD
added 2026/06/13 5:16 p.m. | 10 views

CVE-2026-6428

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

CVSS 7.6 | EPSS 0.00244
Exploits: 0 | References: 3
CVE
added 2026/06/13 4:34 p.m. | 20 views

CVE-2026-6428

CVE-2026-6428 describes an SQL injection in Koha’s reports/catalogue_out.pl up to versions 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00. The vulnerability arises from a vulnerable sink that concatenate...

CVSS 7.6 | AI score 6 | EPSS 0.00244
Exploits: 0 | References: 3
NVD
added 2026/06/12 9:16 p.m. | 11 views

CVE-2026-44783

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

CVSS 5.4 | EPSS 0.00148
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/12 8:23 p.m. | 7 views

CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

CVSS 5.4 | AI score 5.3 | EPSS 0.00148
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 8:23 p.m. | 29 views

CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

CVSS 5.4 | EPSS 0.00148
Exploits: 0 | References: 1
EUVD
added 2026/06/12 8:23 p.m. | 6 views

EUVD-2026-36586

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

CVSS 5.4 | AI score 5.3 | EPSS 0.00148
Exploits: 0 | References: 1
CVE
added 2026/06/12 8:23 p.m. | 17 views

CVE-2026-44783

Product/Component: Discourse (open-source discussion platform). Issue: A flaw in how replies to whispers are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic’s staff-only whisper channel. The injected content is visible to whisperer...

CVSS 5.4 | AI score 5.3 | EPSS 0.00148
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 10 views

PT-2026-48980

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A flaw in the handling of replies to whisper posts allows authenticated use...

CVSS 5.4 | AI score 5.2 | EPSS 0.00148
Exploits: 0 | References: 5
NVD
added 2026/06/11 7:16 p.m. | 8 views

CVE-2026-47173

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

CVSS 6.3 | EPSS 0.00263
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/09 2:59 p.m. | 8 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 5.4 | EPSS 0.002
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/09 2:59 p.m. | 10 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

CVSS 6.5 | AI score 5.5 | EPSS 0.00192
Exploits: 0 | References: 1
NVD
added 2026/06/08 12:16 p.m. | 13 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

CVSS 6.5 | EPSS 0.00192
Exploits: 0 | References: 5
NVD
added 2026/06/08 12:16 p.m. | 11 views

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CVSS 6.5 | EPSS 0.002
Exploits: 0 | References: 6
ATTACKERKB
added 2026/06/08 11:15 a.m. | 4 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2026/06/08 11:15 a.m. | 18 views

CVE-2026-11509

CodeAstro Leave Management System 1.0 is affected by a SQL injection in /admin/search_staff_for_updation.php triggered by manipulation of the Name parameter. The issue can be exploited remotely; CVE-2026-11509 is identified with multiple CVSS vectors (e.g., 3.1 and 3.0) indicating network access,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 5
Vulnrichment
added 2026/06/08 11:0 a.m. | 10 views

CVE-2026-11508 CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 5.4 | EPSS 0.002
Exploits: 0 | References: 6
Cvelist
added 2026/06/08 11:0 a.m. | 36 views

CVE-2026-11508 CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

CVSS 6.5 | EPSS 0.002
Exploits: 0 | References: 6
CVE
added 2026/06/08 11:0 a.m. | 29 views

CVE-2026-11508

CodeAstro Leave Management System 1.0 contains a SQL injection in /admin/search_staff_to_assign_pc.php via manipulation of the Name parameter. The vulnerability is exploitable remotely, with exploit information publicly disclosed and proof-of-concept activity indicated by CVSS/ExploitMaturity dat...

CVSS 6.5 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 6
Vulnrichment
added 2026/06/08 10:30 a.m. | 7 views

CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CVSS 6.5 | AI score 5.3 | EPSS 0.002
Exploits: 0 | References: 6