Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4441 matches found

RedhatCVE
RedhatCVEadded 2026/03/28 4:56 a.m.2 views

CVE-2026-30529

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the saveuser action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious S...

8.8CVSS6AI score0.00446EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/28 4:56 a.m.2 views

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

9.8CVSS6AI score0.00476EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/28 4:56 a.m.1 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

8.8CVSS6AI score0.00445EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/27 10:3 p.m.22 views

CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

8.1CVSS0.00489EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/27 10:3 p.m.3 views

CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...

8.1CVSS5.9AI score0.00489EPSS
Exploits1References3
Snyk
Snykadded 2026/03/27 7:45 p.m.3 views

Directory Traversal

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Directory Traversal via the loadprompt, loadpromptfromconfig, or .save methods on prompt classes. An attacker can access arbitrary files on the host filesystem by...

8.7CVSS6.5AI score0.01073EPSS
Exploits2References2
EUVD
EUVDadded 2026/03/27 6:31 p.m.2 views

EUVD-2026-16678

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

8.8CVSS6AI score0.00445EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/27 5:9 p.m.4 views

CVE-2026-1032

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

4.3CVSS5.8AI score0.00156EPSS
Exploits0References1
NVD
NVDadded 2026/03/27 4:16 p.m.3 views

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

9.8CVSS0.00476EPSS
Exploits1References1
NVD
NVDadded 2026/03/27 3:16 p.m.5 views

CVE-2026-33764

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

4.3CVSS0.00214EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/27 2:29 p.m.4 views

CVE-2026-33764

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

4.3CVSS5.9AI score0.00214EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/27 2:29 p.m.16 views

CVE-2026-33764

CVE-2026-33764 affects WWBN/AVideo up to version 26.0 where the AI plugin’s save.json.php loads AI responses by attacker-controlled IDs (ai_metatags_responses_id and ai_transcribe_responses_id) without validating ownership of the target video. An authenticated user with canUseAI can reference AI ...

4.3CVSS5.9AI score0.00214EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/27 4:59 a.m.2 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.9AI score0.00445EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/03/27 12:0 a.m.3 views

PT-2026-28404

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the save category action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious...

8.8CVSS6AI score0.00445EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/27 12:0 a.m.21 views

CVE-2026-30529

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the saveuser action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious S...

0.00446EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/27 12:0 a.m.2 views

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

6AI score0.00476EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/27 12:0 a.m.1 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

6AI score0.00445EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/03/27 12:0 a.m.2 views

PT-2026-28403

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the save customer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL comman...

9.8CVSS6AI score0.00476EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/03/27 12:0 a.m.4 views

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecustomer operation in the...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/27 12:0 a.m.1 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

6AI score0.00445EPSS
Exploits1References2
Rows per page
Query Builder