3941 matches found
MAL-2026-3269 Malicious code in @bcs-react-ui/context-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7735468c4f2cdf66767c4b52a6a089b195ea5bb820b82a03690fb0c9586bc The package @bcs-react-ui/context-menu was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @bcs-react-ui/context-menu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
WordPress Menu Image, Icons made easy plugin <= 3.12 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Menu Image, Icons made easy versions <= 3.12...
WordPress WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin <= 2.8.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Mobile Menu versions <= 2.8.6...
CVE-2026-7295
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...
CVE-2026-7225
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...
CVE-2026-7408
The CVE-2026-7408 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the save_menu function in /admin/ajax.php?action=save_menu. Manipulation of input leads to SQL injection, exploitable remotely. Public exploit appears to exist. No remediation details are provided i...
CVE-2026-7408
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...
CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...
EUVD-2018-21834
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...
CVE-2018-25313 SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...
CVE-2018-25304 Free Download Manager 2.0 Build 417 Local Buffer Overflow SEH
Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...
CVE-2026-7393
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
EUVD-2026-26265
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
Pizzafy Ecommerce System 1.0 Shell Upload
The save_menu function in Pizzafy Ecommerce System version 1.0 handles image uploads for menu items without performing any file type validation. The application retrieves the file extension using pathinfo but never actually checks or restricts the allowed file types before moving the uploaded file...
PT-2026-35959
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...
PT-2026-36014
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may b...
SourceCodester Pizzafy Ecommerce System access control error vulnerability
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a security vulnerability related to access control. This vulnerability arises from improper handling of the img parameter in...
PT-2026-35996
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the...