CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/29 8:48 p.m.•2 views

CVE-2026-7264

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function getcartitems of the file /admin/ajax.php?action=getcartitems. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

6.5CVSS6.4AI score0.0025EPSS

Exploits0References1

RedhatCVE•added 2026/04/29 8:48 p.m.•3 views

CVE-2026-7297

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

4.8CVSS3AI score0.00202EPSS

Exploits0References1

EUVD•added 2026/04/29 8:45 p.m.•2 views

EUVD-2026-26290

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

ATTACKERKB•added 2026/04/29 8:45 p.m.•1 views

CVE-2026-7408

Exploits0References5Affected Software1

CVE•added 2026/04/29 8:45 p.m.•6 views

CVE-2026-7408

The CVE-2026-7408 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the save_menu function in /admin/ajax.php?action=save_menu. Manipulation of input leads to SQL injection, exploitable remotely. Public exploit appears to exist. No remediation details are provided i...

Vulnrichment•added 2026/04/29 8:30 p.m.•4 views

CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

EUVD•added 2026/04/29 8:30 p.m.•3 views

EUVD-2026-26289

ATTACKERKB•added 2026/04/29 8:30 p.m.•1 views

CVE-2026-7407

Exploits0References5Affected Software1

NVD•added 2026/04/29 8:16 p.m.•3 views

CVE-2026-7401

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...

5.3CVSS0.0032EPSS

CVE•added 2026/04/29 7:15 p.m.•8 views

CVE-2026-7401

CVE-2026-7401 affects SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The vulnerability targets the Registration component, specifically /index.php?action=register, where manipulation of the arguments student_id, full_name, section, or username enables cross-site scr...

5.3CVSS3.7AI score0.0032EPSS

Vulnrichment•added 2026/04/29 7:15 p.m.•2 views

CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

5.3CVSS3.7AI score0.0032EPSS

Cvelist•added 2026/04/29 7:15 p.m.•26 views

CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

5.3CVSS0.0032EPSS

NVD•added 2026/04/29 6:16 p.m.•2 views

CVE-2026-7394

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...

5.8CVSS0.00244EPSS

NVD•added 2026/04/29 5:16 p.m.•3 views

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

5.8CVSS0.00268EPSS

NVD•added 2026/04/29 5:16 p.m.•1 views

CVE-2026-7392

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00192EPSS

NVD•added 2026/04/29 5:16 p.m.•3 views

CVE-2026-7391

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function savesupplier of the file /ajax.php?action=savesupplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish...

6.5CVSS0.00192EPSS

Vulnrichment•added 2026/04/29 5:15 p.m.•4 views

CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection

5.8CVSS5AI score0.00244EPSS

CVE•added 2026/04/29 5:0 p.m.•7 views

CVE-2026-7393

SourceCodester Pizzafy Ecommerce System 1.0 is affected in the admin_class_novo.php save_menu() function where the img upload parameter allows unrestricted uploads. The file path involved is Pizzafy/assets/img/, and an attacker with admin authentication could upload a crafted file (no validation ...

5.8CVSS5AI score0.00268EPSS

Cvelist•added 2026/04/29 5:0 p.m.•27 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

5.8CVSS0.00268EPSS