11506 matches found
CVE-2026-42900
The CVE-2026-42900 entry concerns a race condition caused by improper synchronization in the Windows App Store. Reported impact is privilege elevation over a network, implying an unauthorized attacker could exploit a timing-related flaw to escalate access. Documents consistently describe a concur...
CVE-2026-52839
Easy!Appointments versions before 1.6.0 allow cross-provider appointment injection via unauthorized use of the store and update endpoints. The vulnerability arises because store/update do not verify that id_users_provider belongs to the current session, enabling a provider to add or reassign appo...
CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...
EUVD-2026-43637
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
CVE-2026-15076
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
EUVD-2026-43282
A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...
EUVD-2026-43295
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...
EUVD-2026-43296
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
CVE-2026-15540
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
CVE-2026-15539
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...
CVE-2026-15537
A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...
CVE-2026-15540 SourceCodester Online Book Store System Administrative index.php php file inclusion
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...
CVE-2026-15540
CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...
CVE-2026-15532
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...
CVE-2026-15539 SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...
CVE-2026-15539
SourceCodester Online Book Store System 1.0 is affected by a vulnerability in the Book Image Upload Feature (admin/index.php?page=books) that allows unrestricted file upload. The issue enables remote attacker manipulation leading to unrestricted upload, as disclosed publicly. No remediation detai...
CVE-2026-15537 SourceCodester Online Book Store System login.php sql injection
A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...
CVE-2026-15537
The CVE-2026-15537 affects SourceCodester Online Book Store System 1.0, with the vulnerability residing in admin/login.php where the Username parameter is SQL-injected. This allows a remote attacker to exploit the flaw (PROOF-OF-CONCEPT) and aligns with a high-severity CVSS in the provided metric...
CVE-2026-15532 SourceCodester Online Book Store System User Management cross site scripting
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...
EUVD-2026-43278
A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...