Lucene search
K

364838 matches found

NVD
NVD
•added 2026/06/08 1:16 p.m.•17 views

CVE-2026-11512

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.3CVSS0.00273EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 1:16 p.m.•12 views

CVE-2026-11514

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 1:16 p.m.•16 views

CVE-2026-11513

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 1:16 p.m.•13 views

CVE-2026-11515

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passswordreset.php of the component Password Reset Handler. Such manipulation of the argument newpassword with the input...

6.9CVSS0.00276EPSS
Exploits0References5
NVD
NVD
•added 2026/06/08 1:16 p.m.•22 views

CVE-2026-11577

Rejected reason: The reported behavior does not constitute a privilege escalation. Exploitation requires the attacker to already possess the manage-realm administrative role within the realm-management client. By design, the manage-realm role is intended to be equivalent in administrative authori...

0.00329EPSS
Exploits0
NVD
NVD
•added 2026/06/08 12:16 p.m.•16 views

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS0.00723EPSS
Exploits0References2
NVD
NVD
•added 2026/06/08 12:16 p.m.•14 views

CVE-2026-50751

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS0.70099EPSS
Exploits5References3
NVD
NVD
•added 2026/06/08 12:16 p.m.•18 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS0.04859EPSS
Exploits0References1
NVD
NVD
•added 2026/06/08 12:16 p.m.•17 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•15 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
•added 2026/06/08 12:16 p.m.•18 views

CVE-2026-11507

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•16 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
•added 2026/06/08 12:16 p.m.•14 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•13 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS0.00206EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•21 views

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS0.00197EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•17 views

CVE-2026-11504

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

9CVSS0.00466EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 12:16 p.m.•14 views

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 10:16 a.m.•14 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS0.00455EPSS
Exploits0References1
NVD
NVD
•added 2026/06/08 10:16 a.m.•13 views

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS0.00263EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 10:16 a.m.•14 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS0.00281EPSS
Exploits0References8
NVD
NVD
•added 2026/06/08 10:16 a.m.•21 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
NVD
NVD
•added 2026/06/08 10:16 a.m.•15 views

CVE-2026-11503

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

9CVSS0.00466EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 10:16 a.m.•13 views

CVE-2024-56122

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/08 10:16 a.m.•14 views

CVE-2024-56120

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/08 10:16 a.m.•11 views

CVE-2024-56121

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/08 10:16 a.m.•13 views

CVE-2024-56123

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/08 9:16 a.m.•20 views

CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS0.02669EPSS
Exploits0References4
NVD
NVD
•added 2026/06/08 9:16 a.m.•14 views

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS0.00302EPSS
Exploits0References1
NVD
NVD
•added 2026/06/08 9:16 a.m.•18 views

CVE-2026-41723

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS0.00399EPSS
Exploits0References1
NVD
NVD
•added 2026/06/08 9:16 a.m.•17 views

CVE-2026-41724

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS0.00313EPSS
Exploits0References1
NVD
NVD
•added 2026/06/08 9:16 a.m.•15 views

CVE-2026-11497

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

8.8CVSS0.00432EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 9:16 a.m.•13 views

CVE-2026-11498

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

9CVSS0.03799EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 9:16 a.m.•16 views

CVE-2026-11499

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...

10CVSS0.06561EPSS
Exploits3References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•13 views

CVE-2026-11493

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS0.00224EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•12 views

CVE-2026-11494

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

5.3CVSS0.00215EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•18 views

CVE-2026-11495

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•20 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS0.00223EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•14 views

CVE-2026-11492

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

8.8CVSS0.00511EPSS
Exploits1References6
NVD
NVD
•added 2026/06/08 7:16 a.m.•12 views

CVE-2026-11490

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS0.0029EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•15 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•33 views

CVE-2026-11489

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•18 views

CVE-2026-11483

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•16 views

CVE-2026-11484

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•16 views

CVE-2026-11485

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•15 views

CVE-2026-11486

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.00275EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 5:16 a.m.•16 views

CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

5.3CVSS0.00923EPSS
Exploits0References8
NVD
NVD
•added 2026/06/08 3:16 a.m.•12 views

CVE-2026-11479

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS0.0016EPSS
Exploits0References7
NVD
NVD
•added 2026/06/08 3:16 a.m.•14 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/08 3:16 a.m.•13 views

CVE-2026-11481

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument contenthash can lead to use of weak hash. T...

2.5CVSS0.00082EPSS
Exploits0References7
NVD
NVD
•added 2026/06/08 3:16 a.m.•11 views

CVE-2026-11482

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS0.0029EPSS
Exploits0References6
Total number of security vulnerabilities364838