Lucene search
K

7 matches found

NVD
NVD
added 2026/03/27 3:16 a.m.4 views

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

4.8CVSS0.00279EPSS
Exploits0References5
NVD
NVD
added 2025/12/25 9:15 p.m.5 views

CVE-2025-15087

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...

5.3CVSS0.00231EPSS
Exploits1References4
NVD
NVD
added 2025/09/17 5:15 p.m.4 views

CVE-2025-10600

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used...

9.8CVSS0.00424EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.12 views

CVE-2024-50945

An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product...

0.00603EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/16 10:15 p.m.6 views

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique...

9.8CVSS6.4AI score0.02707EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/03/19 2:29 p.m.3 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5CVSS5.5AI score0.0089EPSS
Exploits0References2
OSV
OSV
added 2018/03/19 2:29 p.m.5 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5CVSS5.8AI score0.0089EPSS
Exploits0References1
Rows per page
Query Builder