Skip to main content
CVE-2026-0586 LOW POC Monitor

Online Product Reservation System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-0591 LOW POC Monitor

SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0590 LOW POC Monitor

SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0584 LOW POC Monitor

SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0597 LOW POC Monitor

SQL injection in Campcodes Supplier Management System 1.0 allows authenticated remote attackers to manipulate the txtRetailerAddress parameter in /retailer/edit_profile.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running PHP-based installations should implement input validation controls and restrict access to the vulnerable endpoint until patching becomes available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0582 LOW POC Monitor

SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-52517 MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. [CVSS 5.9 MEDIUM]

Samsung Denial Of Service Race Condition Exynos 1330 Firmware Exynos 1480 Firmware +4
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-15452 LOW POC Monitor

A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. [CVSS 2.4 LOW]

XSS Wangmarket
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15451 LOW POC Monitor

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. [CVSS 2.4 LOW]

XSS Wangmarket
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2023-52212 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0. [CVSS 5.4 MEDIUM]

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5591 MEDIUM This Month

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. [CVSS 5.4 MEDIUM]

XSS Xperience
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-69226 MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. [CVSS 5.3 MEDIUM]

Python Path Traversal Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-21635 MEDIUM This Month

Unifi Connect EV Station Lite firmware v1.5.2 and earlier contains an access control weakness that permits nearby Wi-Fi attackers to activate the AutoLink feature on devices provisioned exclusively through Ethernet connections. This vulnerability could allow unauthorized wireless configuration of the charging station despite it being administratively restricted to wired network adoption. No patch is currently available for this medium-severity issue.

Authentication Bypass Unifi Connect Ev Station Lite Firmware
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15454 LOW POC Monitor

A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now publ...

XSS
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-12519 MEDIUM PATCH This Month

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. [CVSS 5.3 MEDIUM]

Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52515 MEDIUM This Month

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service. [CVSS 5.1 MEDIUM]

Samsung Denial Of Service Race Condition Exynos 2400 Firmware Exynos 2500 Firmware +4
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-15237 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-15236 MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. [CVSS 4.3 MEDIUM]

Path Traversal AI / ML Qoca Aim
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-65922 MEDIUM This Month

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. [CVSS 4.3 MEDIUM]

XSS
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31046 MEDIUM This Month

Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53344 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9543 LOW Monitor

FlexTable WordPre versions up to 3.19.2 contains a vulnerability that allows attackers to high privilege users such as admin to perform Stored Cross-Site Scripting attack (CVSS 3.5).

WordPress XSS PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-15453 LOW Monitor

A security vulnerability has been detected in milvu versions up to 2.6.7. is affected by improper input validation (CVSS 6.3).

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15450 LOW Monitor

A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not u...

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0580 LOW Monitor

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. [CVSS 3.5 LOW]

XSS Api Key Manager App
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0588 LOW Monitor

A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. [CVSS 3.5 LOW]

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0587 LOW Monitor

A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. [CVSS 3.5 LOW]

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10933 This Week

An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.

Integer Overflow
NVD
EPSS
0.1%
CVE-2025-68766 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access.

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68765 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated.

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68764 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag.

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68759 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop.

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68758 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device.

Linux Null Pointer Dereference Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68757 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put().

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68753 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in put_user loop for DSP events In the DSP event handling code, a put_user() loop copies event data.

Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-68763 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers.

Linux Buffer Overflow Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68761 Monitor

In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount and then dreferences "node" on the next line.

Linux Use After Free Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68756 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock blk_mq_{add,del}_queue_tag_set() functions add and remove queues from tagset, the functions make sure that tagset and queues are marked as shared when two or more queues are attached to the same tagset.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68755 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging.

Linux Null Pointer Dereference Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68762 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68760 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4`. This assumes a 4-byte access.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68754 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68752 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-68751 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running ping command.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2025-15022 PATCH This Week

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components.

XSS
NVD GitHub
EPSS
0.0%
CVE-2025-69291 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-69290 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56825 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-56809 Awaiting Data

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-15447 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy