Lucene search
K

35 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-15137

CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-39955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre- authentication SQL Injection via unanchored...

9.8CVSS6.2AI score0.00315EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

DEBIAN-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:16 p.m.4 views

DEBIAN-CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS5.9AI score0.00456EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:16 p.m.5 views

UBUNTU-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 10:49 p.m.24 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 5:16 p.m.6 views

CVE-2026-38935

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1CVSS0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 12:0 a.m.8 views

EUVD-2026-25890

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1CVSS4.8AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35457

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1CVSS4.8AI score0.00194EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 12:0 a.m.18 views

CVE-2026-38935

Diskover Community is affected by a reflected XSS in public/view.php via the doctype parameter, impacting versions

6.1CVSS4.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.3 views

CVE-2026-36920

Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php...

5.9AI score0.00225EPSS
Exploits1References1
NVD
NVD
added 2026/03/02 3:16 p.m.8 views

CVE-2026-26694

code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...

9.8CVSS0.00496EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/06 10:32 a.m.4 views

CVE-2025-11332 CmsEasy URL view.php cross site scripting

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...

5.1CVSS3.4AI score0.00275EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/06 10:32 a.m.12 views

CVE-2025-11332 CmsEasy URL view.php cross site scripting

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...

5.1CVSS0.00275EPSS
Exploits1References4
CVE
CVE
added 2025/09/22 3:32 a.m.17 views

CVE-2025-10780

CodeAstro Simple Pharmacy Management 1.0 is affected by a SQL injection in the /view.php handler caused by manipulation of the bar_code parameter. The vulnerability enables remote exploitation and has public exploits/disclosures. Affected component: /view.php, bar_code input; root cause: improper...

8.8CVSS6.4AI score0.00308EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 3:32 a.m.1 views

CVE-2025-10780 CodeAstro Simple Pharmacy Management view.php sql injection

A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

6.5CVSS6.6AI score0.00308EPSS
Exploits1References5
OSV
OSV
added 2025/09/04 10:42 a.m.8 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS4.2AI score
Exploits0References5
OSV
OSV
added 2025/08/30 2:15 p.m.5 views

UBUNTU-CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.7CVSS6.2AI score0.01781EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/01/26 12:0 a.m.4 views

image_gallery 跨站脚本漏洞

imagegallery is an image gallery management system by the individual developer Md. Yamin Hossain of Bangladesh. A cross-site scripting vulnerability exists in imagegallery version 1.0, which stems from a cross-site scripting attack due to improper handling of the username parameter in the...

6.1CVSS4.5AI score0.0051EPSS
Exploits1References7
OSV
OSV
added 2025/01/03 1:15 a.m.4 views

CVE-2025-0175

A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

6.1CVSS3.9AI score0.00385EPSS
Exploits1References5
Rows per page
Query Builder