Lucene search
K
CvelistRecent

363402 matches found

Cvelist
Cvelist
•added 1 hour ago•3 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-14798 CodeAstro Apartment Visitor Management System visitor-entry.php sql injection

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 2 hours ago•3 views

CVE-2026-14797 CodeAstro Apartment Visitor Management System edit-apartment.php sql injection

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 2 hours ago•4 views

CVE-2026-14796 CodeAstro Apartment Visitor Management System report.php sql injection

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 3 hours ago•3 views

CVE-2026-14795 CodeAstro Apartment Visitor Management System action-visitor.php sql injection

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added 3 hours ago•5 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
•added 3 hours ago•4 views

CVE-2026-14793 Craft CMS reorder-sets Endpoint GlobalsController.php actionReorderSets authorization

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
•added 4 hours ago•4 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS
Exploits0References8
Cvelist
Cvelist
•added 4 hours ago•7 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS
Exploits0References6
Cvelist
Cvelist
•added 4 hours ago•7 views

CVE-2026-14790 GPAC Media File write_nhml.c nhmldump_send_frame null pointer dereference

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added 5 hours ago•7 views

CVE-2026-14789 radareorg radare2 Memory64ListStream mdmp.c stack-based overflow

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added 5 hours ago•5 views

CVE-2026-14788 radareorg radare2 cfile.c r_core_bin_load use after free

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added 5 hours ago•5 views

CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

Exploits0References2
Cvelist
Cvelist
•added 5 hours ago•6 views

CVE-2026-14787 radareorg radare2 pb Print cmd_print.inc cmd_print integer overflow

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmdprint in the library libr/core/cmdprint.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made availab...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added 6 hours ago•7 views

CVE-2026-14786 radareorg radare2 str.c r_str_word_get0set integer overflow

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This impacts the function rstrwordget0set of the file libr/util/str.c. The manipulation results in integer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be use...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added 7 hours ago•6 views

CVE-2026-14784 vxcontrol PentAGI Docker API client.go sandbox

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•6 views

CVE-2026-14783 NousResearch hermes-agent skills_tool.py skill_view path traversal

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skillview of the file tools/skillstool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS
Exploits0References8
Cvelist
Cvelist
•added yesterday•9 views

CVE-2026-14778 SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-14777 SourceCodester Onlne Examination & Learning Management System announcements.php unrestricted upload

A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14776 SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14775 SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-14774 itsourcecode Hospital Management System paymentdischarge.php sql injection

A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and ma...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

3.7CVSS
Exploits0References2
Cvelist
Cvelist
•added yesterday•7 views

CVE-2026-10656 NULL-pointer dereference DoS in MAX32 USB device controller transfer-completion handlers

The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...

4.6CVSS
Exploits0References2
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-14773 itsourcecode Hospital Management System payment.php sql injection

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-59520 WordPress CrawlWP SEO plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-59519 WordPress FormLayer plugin <= 1.0.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-59511 WordPress Exclusive Addons Elementor plugin <= 2.7.9.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14771 SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-14770 SourceCodester Class and Exam Timetabling System edit_room.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editroom.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-14769 code-projects Real State Services pay.php sql injection

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14768 code-projects Real State Services builderHome.php sql injection

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•14 views

CVE-2026-14766 CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•14 views

CVE-2026-59510 Authenticated Path Traversal in AIL Framework PDF Object Handling Enables Potential Arbitrary File Read

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-14764 code-projects Hotel and Tourism Reservation Event Management add_event.php sql injection

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14763 code-projects Hotel and Tourism Reservation Tour Reservations tour_reserves.php sql injection

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tourreserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit ha...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•11 views

CVE-2026-14762 code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•12 views

CVE-2026-14761 radareorg radare2 str.c r_str_append integer overflow

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•16 views

CVE-2026-14760 radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-14759 radareorg radare2 RBinJava Line Number Table class.c r_bin_java_inner_classes_attr_calc_size heap-based overflow

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•16 views

CVE-2026-14758 radareorg radare2 hexpairs cmd_anal.inc.c cmd_anal_opcode integer overflow

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

4.8CVSS
Exploits0References7
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-6509 Privilege Escalation in TUBITAK BILGEM's Pardus Update

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from =0.6.3 before 0.6.6...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•14 views

CVE-2026-14757 radareorg radare2 cmd_anal.inc core_anal_bytes integer overflow

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•17 views

CVE-2026-9085 DNS Hijacking in TUBITAK BILGEM's Pardus-Parental-Control

Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from =0.5.1 before 0.7.0...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•14 views

CVE-2026-12386 Buffer Overflow in TUBITAK BILGEM's Pardus Pen

Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers. This issue affects Pardus Pen: from =4.1.5 before 4.2.1...

3.9CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•15 views

CVE-2026-14756 code-projects Hotel and Tourism Reservation Tour Management add_tour.php sql injection

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
•added yesterday•13 views

CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS
Exploits0References1
Cvelist
Cvelist
•added yesterday•10 views

CVE-2026-14755 code-projects Hotel and Tourism Reservation Reservations Management reservations.php sql injection

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The atta...

7.5CVSS
Exploits0References6
Total number of security vulnerabilities363402