Lucene search
+L

753 matches found

euvd
euvd
added 3 days ago6 views

EUVD-2026-43271

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scanprojecticons/syncicon. Such manipulation of the argument iconsfile leads to path traversal. An attack has to be approached locally. The exploit has been disclosed t...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References6
euvd
euvd
added 3 days ago8 views

EUVD-2026-43266

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References6
ptsecurity
ptsecurity
added 4 days ago7 views

PT-2026-57619

Name of the Vulnerable Software and Affected Versions Shibby Tomato versions prior to 1.28.0000 Description A stack-based buffer overflow exists in the DNS List Rendering component within the /usr/sbin/httpd file. The issue occurs in the sub 407220 function and can be exploited remotely. A...

9CVSS7.3AI score0.00738EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/08 2:30 p.m.38 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS0.00396EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/06 4:0 a.m.36 views

CVE-2026-14795 CodeAstro Apartment Visitor Management System action-visitor.php sql injection

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS0.002EPSS
Exploits0References6
nvd
nvd
added 2026/07/05 3:16 a.m.11 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS0.002EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/04 10:15 p.m.35 views

CVE-2026-14659 itsourcecode Hospital Management System patientappointment.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...

6.5CVSS0.00319EPSS
Exploits0References6
cve
cve
added 2026/06/29 10:45 a.m.16 views

CVE-2026-13560

Summary : CVE-2026-13560 affects Edimax EW-7478APC (firmware 1.04). The vulnerable component is the POST Request Handler’s /goform/formAccept function, where manipulating the argument submit-url enables an OS command injection . The attack is remote and the exploit has been disclosed publicly. Th...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/28 12:0 a.m.15 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
patchstack
patchstack
added 2026/06/23 4:40 p.m.7 views

WordPress WhatsOrder – Instant Checkout for WooCommerce plugin <= 1.0.1 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WhatsOrder – Instant Checkout for WooCommerce versions = 1.0.1...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/21 12:15 a.m.45 views

CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS0.00337EPSS
Exploits1References7
nvd
nvd
added 2026/06/15 2:16 a.m.12 views

CVE-2026-12204

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
euvd
euvd
added 2026/06/08 6:30 p.m.10 views

EUVD-2026-35185

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/06/08 3:45 a.m.11 views

CVE-2026-11485 SourceCodester Class and Exam Timetabling System archive2.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.18 views

PT-2026-47309

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be...

9CVSS6.2AI score0.00466EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10060

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

9.8CVSS6.2AI score0.0501EPSS
Exploits1References1
euvd
euvd
added 2026/06/05 3:45 p.m.11 views

EUVD-2026-34851

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score0.00273EPSS
Exploits0References6
nvd
nvd
added 2026/06/04 3:16 p.m.18 views

CVE-2026-10811

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument efid leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/02 4:1 p.m.13 views

CVE-2026-10220

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function servepluginskill/skillview of the file tools/skillstool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and ma...

7.5CVSS5.5AI score0.00304EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 11:16 a.m.14 views

CVE-2026-10250

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

7.5CVSS0.00263EPSS
Exploits0References6
Rows per page
Query Builder