| CVE-2026-10810 | medium | 4.3 | 4.3 | | | | 22h ago | A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scri… |
| CVE-2026-10809 | medium | 6.3 | 6.3 | | | | 22h ago | A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the argument ID results in sql injec… |
| CVE-2026-10808 | medium | 6.3 | 6.3 | | | | 22h ago | A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID leads to sql injection… |
| CVE-2026-10807 | medium | 6.3 | 6.3 | | | | 22h ago | A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of t… |
| CVE-2026-10806 | medium | 6.3 | 6.3 | | | | 22h ago | A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_fi… |
| CVE-2025-62338 | low | 3.3 | 3.3 | | | | 22h ago | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. |
| CVE-2025-59874 | high | 8.1 | 8.1 | | | | 22h ago | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v… |
| CVE-2025-46638 | high | 7.5 | 7.5 | | | | 22h ago | Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial o… |
| CVE-2019-25745 | high | 8.2 | 8.2 | | | | 22h ago | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through th… |
| CVE-2019-25744 | medium | 6.4 | 6.4 | | | | 22h ago | WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title … |
| CVE-2019-25743 | medium | 6.4 | 6.4 | | | | 22h ago | WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel… |
| CVE-2019-25742 | medium | 6.4 | 6.4 | | | | 22h ago | WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea… |
| CVE-2019-25741 | critical | 9.8 | 9.8 | | | | 22h ago | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code… |
| CVE-2019-25740 | medium | 6.5 | 6.5 | | | | 22h ago | Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requ… |
| CVE-2019-25739 | medium | 6.4 | 6.4 | | | | 22h ago | GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers… |
| CVE-2019-25738 | critical | 9.8 | 9.8 | | | | 22h ago | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option actio… |
| CVE-2019-25737 | high | 7.2 | 7.2 | | | | 22h ago | Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… |
| CVE-2019-25736 | high | 8.4 | 8.4 | | | | 22h ago | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a… |
| CVE-2019-25735 | high | 8.4 | 8.4 | | | | 22h ago | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Att… |
| CVE-2019-25734 | medium | 4.0 | 4.0 | | | | 22h ago | Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanit… |
| CVE-2019-25733 | high | 8.4 | 8.4 | | | | 22h ago | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a… |
| CVE-2019-25732 | high | 8.2 | 8.2 | | | | 22h ago | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers… |
| CVE-2019-25731 | high | 7.2 | 7.2 | | | | 22h ago | Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… |
| CVE-2019-25730 | high | 8.2 | 8.2 | | | | 22h ago | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s… |
| CVE-2019-25729 | critical | 9.8 | 9.8 | | | | 22h ago | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie paramete… |
| CVE-2019-25728 | high | 8.2 | 8.2 | | | | 22h ago | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … |
| CVE-2019-25727 | critical | 9.8 | 9.8 | | | | 22h ago | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers… |
| CVE-2019-25726 | high | 8.2 | 8.2 | | | | 22h ago | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. At… |
| CVE-2026-4104 | critical | 9.8 | 9.8 | | | | 1d ago | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: f… |
| CVE-2026-10843 | high | 7.2 | 7.2 | | | | 1d ago | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being rest… |
| CVE-2026-10840 | critical | 9.6 | 9.6 | | | | 1d ago | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources… |
| CVE-2026-10804 | low | 3.6 | 3.6 | | | | 1d ago | A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation l… |
| CVE-2026-10803 | low | 3.6 | 3.6 | | | lfprojects | 1d ago | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipu… |
| CVE-2026-10802 | medium | 4.3 | 4.3 | | | | 1d ago | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL … |
| CVE-2025-52612 | high | 8.8 | 8.8 | | | hcltech | 1d ago | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input param… |
| CVE-2025-52611 | medium | 4.3 | 4.3 | | | hcltech | 1d ago | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Spec… |
| CVE-2025-52609 | medium | 5.3 | 5.3 | | | hcltech | 1d ago | HCL iControl was affected by a Missing Security Headers vulnerability, which leads to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers. |
| CVE-2025-52608 | medium | 4.3 | 4.3 | | | hcltech | 1d ago | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path… |
| CVE-2025-52606 | medium | 4.3 | 4.3 | | | hcltech | 1d ago | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain… |