CVE-2026-13504
A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php
CVSS
3.5
Bajo
EPSS
0.2%
p10
KEV
—
Exploit Today
3
0-100
Publicado: 28 jun 2026 · Última mod.: 30 jun 2026 · CWE-79 · CWE-94
0.2%EPSS · 30 días0.2%
2026-06-302026-07-17
A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEV—80Langflow Missing Authentication Vulnerability3dCVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-154107.2 ALT71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability2dCVE-2025-670389.8 CRÍ55.3%
KEV—67Lantronix EDS5000 Code Injection Vulnerability12dCVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.9dCVE-2021-416539.8 CRÍ99.5%
——30The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.9d