1760 matches found
CVE-2026-8185
The CVE primarily affects UGREEN CM933 1.1.59.4319, where an unknown function in the Administrative Interface allows missing authentication. This vulnerability requires local-network proximity (attack vector Adjacent) and exposes confidentiality, integrity, and availability at Low impact per the ...
Improper Handling of Insufficient Permissions or Privileges
Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the deletion of form submissions. A user can remove other users' form submissions without proper...
CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...
EUVD-2026-28444
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
Magento LTS: Reflected XSS - Import -> Data Flow (profiles)
A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...
Missing Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the delete process. An attacker can remove tags and disrupt FAQ organization by sending crafted DELETE requests to the admin AP...
Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletio...
CVE-2026-5110
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...
PT-2026-36102
Name of the Vulnerable Software and Affected Versions Dbit N300 T1 Pro wireless router version 1.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web management interface. The device fails to implement proper protection mechanisms, such as anti-CSRF tokens or strict...
EUVD-2026-26386
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...
CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
PT-2026-36013
Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...
CVE-2026-7266
SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the admin/ajax.php?action=save_order function via the ID parameter. The vulnerability can be exploited remotely and publicly; exploitation is noted as PROOF-OF-CONCEPT. Impact is described as low for confidentiality, in...
PT-2026-35705
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...
CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...
CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...
Code-Projects Chat System 跨站脚本漏洞
Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a cross-site scripting vulnerability. This vulnerability stems from improper handling of the parameter “msg” in the “Chat Interface” component’s...
CVE-2026-40529
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...
CVE-2026-40529
CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...
CVE-2026-40529
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...