14739 matches found
CVE-2026-1469
Stored Cross-Site Scripting XSS in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
xss
No d...
Directory Traversal
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2025-57793
CVE-2025-57793 affects Explorance Blue before 8.14.9. The vulnerability is a SQL injection caused by insufficient validation of user-supplied input in a web application component, allowing crafted input to be executed in backend queries. The issue is exploitable without authentication, heightenin...
Explorance Blue security vulnerabilities
Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.9 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation on the web application endpoints, which could...
Explorance Blue security vulnerabilities
Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.9 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation in the web application components, which could...
CVE-2025-69564
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...
CVE-2025-69559
code-projects Computer Book Store 1.0 is vulnerable to File Upload in adminadd.php...
CVE-2025-69559
code-projects Computer Book Store 1.0 is vulnerable to File Upload in adminadd.php...
xss-attacks
...
EUVD-2026-4748
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in ‘/evaluacionaccionesverauto.aspx’, could allow an attacker to extract...
CVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...
EUVD-2026-4823
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...
CVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...
PT-2026-4881
Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description The Admin UI of EZCast Pro II utilizes well-known default credentials, potentially allowing attackers to gain access to protected areas within the web application. Recommendations Change the defaul...
Exploit for CVE-2026-22686
CVE-2026-22686 Web Application PoC Critical Sandbox Escape...
CVE-2026-24136
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...