Lucene search
K

660 matches found

EUVD
EUVD
added 2026/04/01 6:0 a.m.3 views

EUVD-2026-17820

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

7.5CVSS6.8AI score0.00333EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/01 6:0 a.m.35 views

CVE-2026-5257 code-projects Simple Laundry System Parameter delstaffinfo.php sql injection

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

7.5CVSS0.00333EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/01 5:15 a.m.34 views

CVE-2026-5255 code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now...

5.3CVSS0.0027EPSS
Exploits1References5
CVE
CVE
added 2026/04/01 5:15 a.m.12 views

CVE-2026-5255

CVE-2026-5255 affects code-projects Simple Laundry System 1.0, specifically an issue in the Parameter Handler’s delstaffinfo.php where manipulating the userid parameter triggers cross-site scripting. The vulnerability can be exploited remotely, and the exploit is public, indicating potential real...

6.1CVSS4.4AI score0.0027EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Code-Projects Simple Laundry System 代码注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...

6.1CVSS5.7AI score0.0027EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29471

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now...

5.3CVSS4.4AI score0.0027EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/27 3:31 a.m.4 views

EUVD-2026-16527

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References6
NVD
NVD
added 2026/03/27 3:16 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

9.8CVSS0.00393EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/27 2:25 a.m.35 views

CVE-2026-4908 code-projects Simple Laundry System Parameter modstaffinfo.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS0.00393EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 2:25 a.m.3 views

CVE-2026-4908 code-projects Simple Laundry System Parameter modstaffinfo.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:25 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/27 2:25 a.m.15 views

CVE-2026-4908

The CVE-2026-4908 entry concerns code-projects Simple Laundry System 1.0. The vulnerability resides in the Parameter Handler’s modstaffinfo.php, where manipulating the userid parameter enables SQL injection. The flaw is exploitable remotely and has seen public exploit activity. Connected sources ...

9.8CVSS6.8AI score0.00393EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.10 views

CVE-2026-30967

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.9. and 8.6.22, the OAuth2 authentication adapter, when configured without the useridField option, only verifies that a token is active via the provider's token introspectio...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/22 3:31 p.m.6 views

EUVD-2026-14306

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/03/22 1:2 p.m.8 views

CVE-2026-4548

CVE-2026-4548 affects mickasmt next-saas-stripe-starter 1.0.0. The vulnerable component is the function updateUserrole in actions/update-user-role.ts, where manipulation of arguments userId/role leads to improper authorization. The impact is described as remote exploit with network access; the vu...

6.5CVSS6.4AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.9 views

Next SaaS Stripe Starter 授权问题漏洞

Next SaaS Stripe Starter is an integrated payment and authentication SaaS project starter developed by mickasmt as a personal developer. Version 1.0.0 of Next SaaS Stripe Starter contains an authorization issue vulnerability. This vulnerability stems from incorrect operations with the parameter...

6.5CVSS6.6AI score0.00195EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:17 a.m.6 views

CVE-2026-3460

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS0.00324EPSS
Exploits0References7
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-3460

CVE-2026-3460 concerns the REST API TO MiniProgram plugin for WordPress. The vulnerability allows an authenticated user with Subscriber-level access or higher to modify arbitrary users’ store-related metadata (storeinfo, storeappid, storename) via an attacker-controlled userid parameter in the RE...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS0.00324EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.10 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References7
Rows per page
Query Builder