Lucene search
K

95 matches found

CVE
CVE
added 6 days ago13 views

CVE-2026-15128

CVE-2026-15128 concerns an inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 that could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The Chrome stable update notes indicate the fix was delivered in the 150.0.7871.114/115 ...

6.1CVSS6.1AI score0.00139EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14145

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS6AI score0.00154EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-14000

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6.1CVSS6AI score0.00171EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13957

Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10916

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:6 p.m.24 views

CVE-2026-11273

CVE-2026-11273 affects Google Chrome’s Omnibox. The issue is caused by insufficient validation of untrusted input, allowing a remote attacker to trigger UXSS via a crafted HTML page when a user visits a page and engages specific UI gestures. The documented impact is relative to UXSS with a Low se...

6.1CVSS6AI score0.00159EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.11 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 11:30 p.m.7 views

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.34 views

CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.22 views

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.3 views

CVE-2026-37602

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manageuser.php...

5.9AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17353

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:0 a.m.1 views

CVE-2026-5197

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/08 2:15 p.m.7 views

CVE-2026-3737

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file adduser.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...

6.5CVSS0.00254EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.8 views

CVE-2026-2158

A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /checkuser.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely...

9.8CVSS5.5AI score0.00371EPSS
Exploits1References1
NVD
NVD
added 2026/02/06 8:15 a.m.14 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00254EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

SourceCodester Gas Agency Management System 访问控制错误漏洞

The SourceCodester Gas Agency Management System is an open-source gas agency management system developed by SourceCodester. Version 1.0 of the SourceCodester Gas Agency Management System contains a vulnerability related to access control. This vulnerability arises from improper handling of the fi...

6.5CVSS6.6AI score0.00254EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/02 4:32 a.m.3 views

CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS4AI score0.00408EPSS
Exploits1References5
Talos
Talos
added 2026/01/20 12:0 a.m.8 views

MedDream PACS Premium modifyUser reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2268 MedDream PACS Premium modifyUser reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54853 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyUser functionality of MedDream PACS Premium...

6.1CVSS5.7AI score0.00235EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.11 views

PT-2025-51148

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A flaw exists in the Student File Management System that allows for remote code execution. The issue is located in the file /admin/delete user.php and involves the manipulati...

9.8CVSS7.9AI score0.00363EPSS
Exploits1References12
Rows per page
Query Builder