|
4181
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argu…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6165
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4182
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipul…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6166
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4183
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injecti…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-6167
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4184
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting.…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2025-15632
|
2026-04-25 02:57 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4185
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, m…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6911
|
2026-04-25 02:56 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4186
|
8.8 |
HIGH
Network
|
-
|
-
|
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to …
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-6912
|
2026-04-25 02:56 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4187
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code
|
CWE-79
Cross-site Scripting
|
CVE-2026-31050
|
2026-04-25 02:55 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4188
|
3.8 |
LOW
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-31051
|
2026-04-25 02:55 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4189
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-31052
|
2026-04-25 02:55 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4190
|
4.0 |
MEDIUM
Local
|
-
|
-
|
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42095
|
2026-04-25 02:55 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
