Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

789 matches found

RedhatCVE
RedhatCVEadded 2026/04/02 5:4 a.m.1 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00011EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/01 3:15 a.m.1 views

CVE-2026-5252 z-9527 admin Message Create Endpoint message.js cross site scripting

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.3AI score0.00011EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/03/28 11:10 p.m.1 views

CVE-2026-4971

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks...

5.3CVSS5.5AI score0.00021EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:9 p.m.1 views

CVE-2026-4972

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

4.8CVSS4.2AI score0.00041EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/27 9:27 p.m.1 views

CVE-2026-4990 chatwoot Signup Endpoint login improper authorization

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...

7.5CVSS6.6AI score0.00053EPSS
Exploits0References3
NVD
NVDadded 2026/03/27 8:16 p.m.1 views

CVE-2026-4972

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

4.8CVSS0.00041EPSS
Exploits0References5
NVD
NVDadded 2026/03/27 6:16 p.m.0 views

CVE-2026-4966

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

6.5CVSS0.00014EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/27 2:52 p.m.24 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS0.00014EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/26 3:15 p.m.2 views

CVE-2026-4590

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

3.1CVSS4.9AI score0.0002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/26 12:23 p.m.0 views

CVE-2026-4875

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/modamenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS5.6AI score0.00053EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/26 6:59 a.m.0 views

CVE-2026-4848

A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and...

5.3CVSS4AI score0.00042EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/03/26 6:59 a.m.30 views

CVE-2026-4848 dameng100 muucmf list.html cross site scripting

A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00042EPSS
Exploits0References4
NVD
NVDadded 2026/03/26 6:16 a.m.2 views

CVE-2026-4846

A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

5.3CVSS0.00042EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/26 12:0 a.m.1 views

PT-2026-28196

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be...

7.5CVSS6.9AI score0.00045EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/03/23 2:24 p.m.22 views

CVE-2026-4590 kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

3.1CVSS0.0002EPSS
Exploits0References4
CVE
CVEadded 2026/03/23 8:48 a.m.4 views

CVE-2026-4580

The CVE-2026-4580 entry concerns code-projects Simple Laundry System 1.0, where the /checkupdatestatus.php endpoint in the Parameters Handler is vulnerable. The issue arises from manipulating the serviceId parameter, enabling SQL injection. The vulnerability is described as exploitable remotely, ...

9.8CVSS5.7AI score0.00045EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/22 9:23 a.m.1 views

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS6.3AI score0.00622EPSS
Exploits1References6Affected Software1
OSV
OSVadded 2026/03/22 5:16 a.m.1 views

DEBIAN-CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.1AI score0.00026EPSS
Exploits0References1
PyPA
PyPAadded 2026/03/22 5:16 a.m.6 views

PYSEC-2026-139

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.6AI score0.00026EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/22 5:16 a.m.0 views

UBUNTU-CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.4AI score0.00026EPSS
Exploits0References7
Rows per page
Query Builder