CVE-2026-30531

The CVE-2026-30531 entry affects SourceCodester Online Food Ordering System v1.0, specifically the Actions.php save_category action. The issue stems from improper sanitization of the name parameter, enabling SQL injection by an authenticated attacker. Impact described in the sources includes high...

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecategory operation in the...

Authorization Bypass Through User-Controlled Key

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the save.json.php process. An attacker can access and exfiltrate confidential AI-generated metadata and...

EUVD-2026-16171

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-3983

A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument gamename results in cross site scripting. The attack may be performed from remote. The exploit...

CVE-2026-3984

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file saveupathlete.php. This manipulation of the argument aname causes cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2026-32755

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVE-2026-33162

Craft CMS is a content management system CMS. From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...

CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

CVE-2026-33330

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save...

CVE-2026-33723

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from...

CVE-2026-31827

Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL e.g., 30 seconds, the TTL index is...

CVE-2026-1032

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032

The CVE-2026-1032 entry concerns the WordPress plugin Conditional Menus . Affected versions: all up to and including 1.2.6. Root cause: missing nonce validation in the save_options function, enabling CSRF. Impact: unauthenticated attackers could modify conditional menu assignments through a forge...

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

Exploit for Improper Input Validation in Tecrail Responsive_Filemanager

POC-CVE-2020-10567 RCE poc - RESPONSIVE filemanager v.9.14.0...