Lucene search
K
RedhatcveRecent

206407 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5987

A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker Template Handler...

5.8CVSS5.1AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•12 views

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

5.3CVSS4.1AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•12 views

CVE-2026-5834

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

4.8CVSS3.9AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•8 views

CVE-2026-5222

A flaw was found in rust-cargo. The Cargo tool, used for managing Rust projects, incorrectly handled the URLs of third-party registries when using the sparse index protocol. This vulnerability could allow an attacker, who is able to publish packages in a registry, to obtain sensitive credentials...

6.5CVSS5.3AI score0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5840

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.4AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•12 views

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

6.5CVSS6.3AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5803

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request...

6.5CVSS6.2AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.3CVSS5.5AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•13 views

CVE-2026-5999

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor...

6.5CVSS6AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•15 views

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

5.3CVSS5.2AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.5AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-5306

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

5.4CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

4.8CVSS5.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.3CVSS5.4AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6.1CVSS5.7AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-49361

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS5.5AI score0.0058EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS5.5AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-5171

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•12 views

CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.4AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•13 views

CVE-2026-5559

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS5.7AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5812

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...

5.5CVSS5.6AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5823

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowedtoolreport.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-49941

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

7.5CVSS5.4AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-5838

A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed...

5.8CVSS5.5AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

6.5CVSS5.4AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•9 views

CVE-2026-49380

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

6.1CVSS5.4AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-5836

A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

4.8CVSS3.6AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•11 views

CVE-2026-49433

The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...

5CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:49 p.m.•10 views

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS5.5AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•20 views

CVE-2026-1272

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

4.3CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS5.5AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS4.1AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS5.3AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-1248

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

4.3CVSS5.4AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10583

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

5.8CVSS5.1AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10529

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS3.5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10228

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS3.9AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

5.1CVSS5.2AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-49370

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...

7.5CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.1AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•12 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS3.7AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•11 views

CVE-2026-10800

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hashfeatures of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high...

3.6CVSS4.8AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-10808

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /managestudent.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be use...

6.5CVSS6.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•8 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS5.5AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:48 p.m.•10 views

CVE-2026-10693

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References1
Total number of security vulnerabilities206407