Lucene search
K

11506 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-42900

The CVE-2026-42900 entry concerns a race condition caused by improper synchronization in the Windows App Store. Reported impact is privilege elevation over a network, implying an unauthorized attacker could exploit a timing-related flaw to escalate access. Documents consistently describe a concur...

8.1CVSS6.2AI score0.00398EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-52839

Easy!Appointments versions before 1.6.0 allow cross-provider appointment injection via unauthorized use of the store and update endpoints. The vulnerability arises because store/update do not verify that id_users_provider belongs to the current session, enabling a provider to add or reassign appo...

3.3CVSS6.1AI score0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...

3.3CVSS0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00157EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43295

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43296

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References7
NVD
NVD
added 3 days ago7 views

CVE-2026-15540

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS0.00242EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-15539

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
NVD
NVD
added 3 days ago4 views

CVE-2026-15537

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15540 SourceCodester Online Book Store System Administrative index.php php file inclusion

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS0.00242EPSS
Exploits0References6
CVE
CVE
added 3 days ago9 views

CVE-2026-15540

CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-15532

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS0.0021EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15539 SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15539

SourceCodester Online Book Store System 1.0 is affected by a vulnerability in the Book Image Upload Feature (admin/index.php?page=books) that allows unrestricted file upload. The issue enables remote attacker manipulation leading to unrestricted upload, as disclosed publicly. No remediation detai...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15537 SourceCodester Online Book Store System login.php sql injection

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15537

The CVE-2026-15537 affects SourceCodester Online Book Store System 1.0, with the vulnerability residing in admin/login.php where the Username parameter is SQL-injected. This allows a remote attacker to exploit the flaw (PROOF-OF-CONCEPT) and aligns with a high-severity CVSS in the provided metric...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-15532 SourceCodester Online Book Store System User Management cross site scripting

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS0.0021EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43278

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS4.7AI score0.0021EPSS
Exploits0References6
Rows per page
Query Builder