Skip to main content
CVE-2026-0581 LOW POC Monitor

Ac1206 Firmware versions up to 15.03.06.23 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.3%
CVE-2026-0586 LOW POC Monitor

Online Product Reservation System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 4.3).

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-0591 LOW POC Monitor

SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0590 LOW POC Monitor

SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0584 LOW POC Monitor

SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0597 LOW POC Monitor

SQL injection in Campcodes Supplier Management System 1.0 allows authenticated remote attackers to manipulate the txtRetailerAddress parameter in /retailer/edit_profile.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running PHP-based installations should implement input validation controls and restrict access to the vulnerable endpoint until patching becomes available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0582 LOW POC Monitor

SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15452 LOW POC Monitor

A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. [CVSS 2.4 LOW]

XSS Wangmarket
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15451 LOW POC Monitor

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. [CVSS 2.4 LOW]

XSS Wangmarket
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15454 LOW POC Monitor

A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now publ...

XSS
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-9543 LOW Monitor

FlexTable WordPre versions up to 3.19.2 contains a vulnerability that allows attackers to high privilege users such as admin to perform Stored Cross-Site Scripting attack (CVSS 3.5).

WordPress XSS PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-15453 LOW Monitor

A security vulnerability has been detected in milvu versions up to 2.6.7. is affected by improper input validation (CVSS 6.3).

Deserialization
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15450 LOW Monitor

A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not u...

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-0580 LOW Monitor

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. [CVSS 3.5 LOW]

XSS Api Key Manager App
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0588 LOW Monitor

A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. [CVSS 3.5 LOW]

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-0587 LOW Monitor

A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. [CVSS 3.5 LOW]

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy