Lucene search
K

1976 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210372

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-13579

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-13559 code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-13550 itsourcecode Baptism Information Management System delbaptism.php sql injection

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

7.5CVSS0.00263EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50651

Name of the Vulnerable Software and Affected Versions Fancy Testimonials versions prior to 1.1 Description The Fancy Testimonials plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the author attribute o...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/17 7:25 p.m.5 views

WordPress Fancy Testimonials plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Fancy Testimonials versions = 1.0...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2025-69124 WordPress Especio theme <= 1.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Especio = 1.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:46 a.m.8 views

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

8.8CVSS5.5AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47639

Name of the Vulnerable Software and Affected Versions Product Filter Widget for Elementor versions prior to 1.0.7 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This is achieved via a CSRF-style form auto-submission...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 10:30 a.m.35 views

CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Code-Projects Simple Flight Ticket Booking System 注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-37590

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/managerent.php...

2.7CVSS5.7AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

2.7CVSS5.7AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.7AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 4:16 p.m.16 views

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

5.5CVSS0.00168EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:45 p.m.7 views

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

2.1CVSS5.8AI score0.00168EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2026/06/04 2:16 p.m.13 views

CVE-2026-10808

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /managestudent.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be use...

6.5CVSS0.002EPSS
Exploits0References6
Rows per page
Query Builder