CVE-2026-13556
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users
CVSS
4.3
Medium
EPSS
0.4%
p36
KEV
—
Exploit Today
11
0-100
Published: Jun 29, 2026 · Last modified: Jul 1, 2026 · CWE-79 · CWE-94
0.4%EPSS · 30 days0.4%
2026-06-302026-07-18
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI100.0%
KEV—80Langflow Missing Authentication Vulnerability4dCVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability4dCVE-2026-154107.2 HIG71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability3dCVE-2025-670389.8 CRI55.3%
KEV—67Lantronix EDS5000 Code Injection Vulnerability12dCVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.10dCVE-2021-416539.8 CRI99.5%
——30The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.10d