Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_back
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoin
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by explo
CVE-2026-25818
CRITICAL CVSS 9.1
Find Similar
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an atta
EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force att
A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code
A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.
CVE-2026-26219
CRITICAL CVSS 9.3
Find Similar
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who ob
CVE-2024-42559
CRITICAL CVSS 9.8
Find Similar
An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/ro
CVE-2024-42556
CRITICAL CVSS 9.8
Find Similar
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administ
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
Page 1+ Next →