
25573 matches found

CNNVD
added 2026/03/27 12:0 a.m., 3 views

SourceCodester Online Food Ordering System security vulnerability

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecustomer operation in the...

9.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28695

Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0. Description: A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the delete photos.php file of the Endpoint component. Manipulation of...

6.5 CVSS, 5.7 AI score, 0.00042 EPSS
Exploits: 0, References: 9
Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28403

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the save customer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL comman...

9.8 CVSS, 6 AI score, 0.00018 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/03/27 12:0 a.m., 1 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

6 AI score, 0.00017 EPSS
Exploits: 1, References: 1
CVE
added 2026/03/27 12:0 a.m., 4 views

CVE-2026-30534

SourceCodester Online Food Ordering System v1.0 is affected by a SQL Injection in admin/manage_category.php via the id parameter. The CVE entry provides no vendor-specific remediation in the connected docs; CVSS v3.1 base score is 8.3 (HIGH) with network attack vector, low attack complexity, priv...

8.3 CVSS, 6 AI score, 0.00044 EPSS
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28528

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.158; Group-Office versions prior to 25.0.92; Group-Office versions prior to 26.0.17. Description: Group-Office is an enterprise customer relationship management and groupware tool. An authenticated SQL Injection...

8.8 CVSS, 6.1 AI score, 0.00016 EPSS
Exploits: 1, References: 4
CNNVD
added 2026/03/27 12:0 a.m., 3 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stems from the /api/v1/retrieval/query/collection endpoint, which allows access to other users’ private...

4.3 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/03/27 12:0 a.m., 3 views

groupoffice SQL injection vulnerability

GroupOffice is an open-source groupware and CRM solution developed by Intermesh. Versions of GroupOffice prior to 6.8.158, 25.0.92, and 26.0.17 contain SQL injection vulnerabilities. These vulnerabilities stem from authenticated SQL injections at the JMAP Contact/query endpoint, which may lead to...

8.8 CVSS, 6 AI score, 0.00016 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/03/27 12:0 a.m., 3 views

SourceCodester Online Food Ordering System security vulnerability

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecategory operation in the...

8.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/03/27 12:0 a.m., 3 views

PT-2026-28371

This update fixes the following issues: golang-github-lusitaniae-apache exporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 +...

6.5 CVSS, 6.5 AI score, 0.00438 EPSS
Exploits: 4, References: 57
Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28405

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view product.php file via the "id" parameter...

9.8 CVSS, 6 AI score, 0.00049 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/03/27 12:0 a.m., 1 views

PT-2026-28582

Name of the Vulnerable Software and Affected Versions: Azure Data Explorer MCP Server versions prior to commit 0abe0ee55279e111281076393e5e966335fffd30; Azure Data Explorer MCP Server versions up to and including 0.1.1. Description: Azure Data Explorer MCP Server, a Model Context Protocol (MCP) server,...

8.3 CVSS, 6.1 AI score, 0.00018 EPSS
Exploits: 3, References: 12
RedhatCVE
added 2026/03/26 11:3 p.m., 4 views

CVE-2025-14808

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 11:3 p.m., 1 views

CVE-2026-29187

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...

8.8 CVSS, 6.2 AI score, 0.00002 EPSS
Exploits: 3, References: 1
NVD
added 2026/03/26 9:17 p.m., 2 views

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS, 0.00091 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/03/26 8:40 p.m., 3 views

CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS, 5.9 AI score, 0.00091 EPSS
Exploits: 1, References: 2
CVE
added 2026/03/26 8:40 p.m., 6 views

CVE-2026-33620

CVE-2026-33620 concerns PinchTab, a standalone HTTP server that exposes a Chrome-control API. The affected range is PinchTab versions v0.7.8–v0.8.3, which accepted an API credential via a token URL query parameter in addition to the Authorization header. When a valid credential is passed in the U...

4.3 CVSS, 5.8 AI score, 0.00091 EPSS
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2026/03/26 8:40 p.m., 1 views

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS, 5.8 AI score, 0.00091 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/26 8:40 p.m., 2 views

CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS, 6.3 AI score, 0.00091 EPSS
Exploits: 1, References: 4
Cvelist
added 2026/03/26 8:40 p.m., 18 views

CVE-2026-33620 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.8 through v0.8.3 accepted the API token from a token URL query parameter in addition to the Authorization header. When a valid API credential is sent in the URL, it can be exposed through...

4.3 CVSS, 0.00091 EPSS
Exploits: 1, References: 2