Lucene search
K

303166 matches found

F5 Networks
F5 Networks
added 5 hours ago2 views

K000162085: Spring Data MongoDB vulnerability CVE-2026-41717

Security Advisory Description Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions...

8.1CVSS5.9AI score0.00328EPSS
Exploits0
GithubExploit
GithubExploit
added yesterday20 views

Exploit for CVE-2026-9290

CVE-2026-9290 — WP User Manager LFI to RCE Exploit Pre-Auth Path...

7.5CVSS6AI score0.02403EPSS
Exploits1
NVD
NVD
added yesterday5 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score
Exploits0References6
Cvelist
Cvelist
added yesterday11 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-14767

CodeAstro Ecommerce Website 1.0 contains a SQL injection in the POST Parameter Handler within /ecommerce-website-php/customer/confirm.php (invoice_no). The vulnerability can be triggered remotely; the exploit has been released publicly. The CVSS-derived metrics in the sources indicate network att...

6.5CVSS6.5AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score
Exploits0References6Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-14766

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-41776

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS5.8AI score
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-14766

CVE-2026-14766 affects CodeAstro Apartment Visitor Management System 1.0. The vulnerability targets the POST Parameter Handler, specifically the /apartment-visitor/search-result.php endpoint, where manipulation of the searchdata parameter leads to SQL injection. According to the sources, exploita...

6.5CVSS6.5AI score
Exploits0References6
Cvelist
Cvelist
added yesterday14 views

CVE-2026-14766 CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14766

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS6.5AI score
Exploits0References6Affected Software1
GithubExploit
GithubExploit
added yesterday29 views

Exploit for CVE-2026-10104

CVE-2026-10104: Stored Cross-Site Scripting in Product Video G...

4.4CVSS6.1AI score0.00263EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday30 views

Exploit for CVE-2025-59382

CVE-2025-59382: QNAP Password Reset to Account Takeover Unaut...

5.1CVSS6.1AI score0.00288EPSS
Exploits1
GithubExploit
GithubExploit
added yesterday37 views

VDT

Vulnerability Discovery Training VDT Training data for adva...

5.9AI score
Exploits0
NVD
NVD
added yesterday6 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS0.002EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday20 views

PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...

6.1CVSS6.4AI score0.00974EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday45 views

Easy Social Feed < 6.2.7 - Cross-Site Scripting

Easy Social Feed 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor. id: CVE-2021-25120 info: name: Easy...

6.1CVSS6.3AI score0.02909EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday17 views

Chamilo model.ajax.php - SQL Injection

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. id: CVE-2021-34187 info: name: Chamilo model.ajax.php - SQL Injection author: DhiyaneshDK severity: critical description: | main/inc/ajax/model.ajax.php in Chamilo...

9.8CVSS7.3AI score0.16181EPSS
Exploits1References2
Rows per page
Query Builder