Lucene search
+L

1883 matches found

Cvelist
Cvelist
added 2026/07/05 10:45 p.m.33 views

CVE-2026-14775 SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55832

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References12
NVD
NVD
added 2026/07/04 9:17 p.m.9 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:0 p.m.9 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS5.9AI score0.00412EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/04 9:0 p.m.33 views

CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 9:0 p.m.25 views

CVE-2026-14654

CVE-2026-14654 concerns an SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0. The flaw affects an unknown function in the file /admin/girlsproductdeletequery.php where manipulating the user_id argument enables injection. The vulnerability can be exploited remotely and the e...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 8:45 p.m.31 views

CVE-2026-14653 SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql injection

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS0.00412EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:45 p.m.8 views

CVE-2026-14653

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS5.8AI score0.00412EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/04 8:45 p.m.23 views

CVE-2026-14653

SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.14 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54922

Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...

8.7CVSS5.9AI score0.00191EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/30 2:45 p.m.76 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00235EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/30 2:45 p.m.7 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS5.8AI score0.00235EPSS
Exploits0
CVE
CVE
added 2026/06/30 2:45 p.m.33 views

CVE-2026-4360

Summary of CVE-2026-4360 (mode C) The issue concerns Python’s tarfile TarFile.extract() where the filter parameter is not correctly applied when extracting hardlinks. The vulnerability can allow an affected system that processes tar files from untrusted sources to write files with an unexpected u...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/30 2:16 a.m.4 views

DEBIAN-CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53894

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...

2CVSS6AI score0.00235EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/06/28 4:30 a.m.38 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 4:30 a.m.25 views

CVE-2026-13482

CVE-2026-13482 affects skypilot-org/skypilot

6.3CVSS5.2AI score0.00189EPSS
Exploits0References6
NVD
NVD
added 2026/06/27 9:16 a.m.11 views

CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

7.1CVSS0.00098EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/27 9:8 a.m.38 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
Rows per page
Query Builder