0.0
CVE-2025-15473 - Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
5.3
CVE-2026-3992 - CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection
A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made avai…
5.3
CVE-2026-3990 - CesiumGS CesiumJS standalone.html cross site scripting
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been rel…
5.1
CVE-2026-3984 - Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site …
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. T…
5.1
CVE-2026-3983 - Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scrip…
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed remotely. The exploit h…
5.3
CVE-2026-3982 - itsourcecode University Management System view_result.php cross site scripting
A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit ha…
6.9
CVE-2026-3981 - itsourcecode Online Doctor Appointment System doctor_action.php SQL injection
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made publi…
6.9
CVE-2026-3980 - itsourcecode Online Doctor Appointment System patient_action.php SQL injection
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to th…
4.8
CVE-2026-3979 - quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244…
8.7
CVE-2026-3978 - D-Link DIR-513 formEasySetupWizard3 stack-based overflow
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be…