
40978 matches found

CVE
added 2026/04/28 6:45 p.m. | 12 views

CVE-2026-7297

SourceCodester Pizzafy Ecommerce System 1.0 contains a cross-site scripting flaw in the save_user function at /admin/ajax.php?action=save_user. Manipulating the Name argument can trigger XSS; the attack can be executed remotely and exploit information is publicly disclosed. The connected document...

CVSS 4.8 | AI score 3.2 | EPSS 0.00202
Exploits: 0 | References: 5
EUVD
added 2026/04/28 6:45 p.m. | 5 views

EUVD-2026-26147

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

CVSS 4.8 | AI score 3.1 | EPSS 0.00202
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 6:45 p.m. | 33 views

CVE-2026-7297 SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

CVSS 4.8 | EPSS 0.00202
Exploits: 0 | References: 5
ATTACKERKB
added 2026/04/28 6:30 p.m. | 1 views

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVSS 4.8 | AI score 3.4 | EPSS 0.00202
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/04/28 6:15 p.m. | 4 views

CVE-2026-7295 SourceCodester Pizzafy Ecommerce System ajax.php save_menu cross site scripting

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

CVSS 4.8 | AI score 3.1 | EPSS 0.00206
Exploits: 0 | References: 5
CVE
added 2026/04/28 6:15 p.m. | 12 views

CVE-2026-7295

CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...

CVSS 4.8 | AI score 3.3 | EPSS 0.00206
Exploits: 0 | References: 5
EUVD
added 2026/04/28 6:00 p.m. | 6 views

EUVD-2026-26138

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...

CVSS 4.8 | AI score 3.4 | EPSS 0.00206
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/28 6:00 p.m. | 5 views

CVE-2026-7294 SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...

CVSS 4.8 | AI score 3.2 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 6:00 p.m. | 29 views

CVE-2026-7294 SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...

CVSS 4.8 | EPSS 0.00206
Exploits: 0 | References: 5
CVE
added 2026/04/28 6:00 p.m. | 7 views

CVE-2026-7294

SourceCodester Pizzafy Ecommerce System 1.0 is affected by a cross-site scripting flaw in the admin/index.php?page=save_settings function (save_settings) where manipulation of the Name argument enables XSS. The vulnerability is exploitable remotely, and public exploits have been published. No rem...

CVSS 4.8 | AI score 3.4 | EPSS 0.00206
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/28 5:45 p.m. | 2 views

CVE-2026-7293 SourceCodester Pizzafy Ecommerce System ajax.php delete_category sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVSS 5.8 | AI score 5 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 5:45 p.m. | 26 views

CVE-2026-7293 SourceCodester Pizzafy Ecommerce System ajax.php delete_category sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVSS 5.8 | EPSS 0.00206
Exploits: 0 | References: 5
EUVD
added 2026/04/28 5:45 p.m. | 4 views

EUVD-2026-26137

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVSS 5.8 | AI score 5.2 | EPSS 0.00206
Exploits: 0 | References: 5
CVE
added 2026/04/28 5:45 p.m. | 8 views

CVE-2026-7293

SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the delete_category function (/admin/ajax.php?action=delete_category) via the ID parameter. Exploitation is possible remotely and the exploit is publicly available; CVSS metrics indicate a Medium-severity, network-based...

CVSS 5.8 | AI score 5.2 | EPSS 0.00206
Exploits: 0 | References: 5
CVE
added 2026/04/28 5:15 p.m. | 11 views

CVE-2026-7291

Technical details (affected products, versions, root cause, impact, and remediation) are not publicly available in the provided documents; monitor for updates.

CVSS 6.5 | AI score 6.3 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 5:15 p.m. | 30 views

CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVSS 6.5 | EPSS 0.00206
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 4:30 p.m. | 27 views

CVE-2026-7290 JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

CVSS 6.5 | EPSS 0.00204
Exploits: 0 | References: 7
CVE
added 2026/04/28 4:30 p.m. | 18 views

CVE-2026-7290

JeecgBoot (up to version 3.9.1) contains a SQL injection flaw in the loadDict endpoint, specifically in SqlInjectionUtil.java. The vulnerability arises from how the keyword argument is processed within the SqlInjectionUtil component, enabling remote exploitation. Public disclosure of the exploit ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00204
Exploits: 0 | References: 7
NVD
added 2026/04/28 3:16 p.m. | 3 views

CVE-2026-7283

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

CVSS 5.8 | EPSS 0.00263
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/28 3:01 p.m. | 2 views

CVE-2026-7289 D-Link DIR-825M formWanConfigSetup sub_414BA8 buffer overflow

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9 | AI score 8.6 | EPSS 0.0069
Exploits: 1 | References: 5