
142 matches found

Positive Technologies
added 2026/06/03 12:0 a.m. | 14 views

PT-2026-45898

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy E-Commerce System version 1.0 Description An SQL injection issue exists in the Administrative Control Panel component. The Login function within the /admin/admin class novo.php file is susceptible to remote attacks throu...

CVSS 7.5 | AI score 7.4 | EPSS 0.00281
Exploits: 0 | References: 10
CVE
added 2026/05/05 11:25 a.m. | 16 views

CVE-2026-43568

OpenClaw is affected: versions 2026.4.5 up to (but not including) 2026.4.10 contain a privilege-escalation flaw in the memory-dreaming configuration. With write-scoped gateway access, an attacker can modify persistent memory dreaming settings via the /dreaming endpoint to escalate privileges (adm...

CVSS 7.1 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/04/29 5:16 p.m. | 3 views

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

CVSS 5.8 | EPSS 0.00268
Exploits: 1 | References: 5
Vulnrichment
added 2026/04/29 5:0 p.m. | 2 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

CVSS 5.8 | AI score 4.8 | EPSS 0.00268
Exploits: 1 | References: 5
CNNVD
added 2026/04/29 12:0 a.m. | 6 views

SourceCodester Pizzafy Ecommerce System access control error vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a security vulnerability related to access control. This vulnerability arises from improper handling of the img parameter in...

CVSS 5.8 | AI score 5.7 | EPSS 0.00268
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35959

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save menu of the file /admin/admin class novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

CVSS 5.8 | AI score 4.8 | EPSS 0.00268
Exploits: 1 | References: 6
Github Security Blog
added 2026/04/07 6:11 p.m. | 5 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

CVSS 7.1 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/04/07 6:11 p.m. | 3 views

GHSA-3Q42-XMXV-9VFR OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

CVSS 6.9 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 3
EUVD
added 2026/04/06 6:33 p.m. | 5 views

EUVD-2026-19400

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVSS 5.3 | AI score 4.2 | EPSS 0.00278
Exploits: 0 | References: 6
RedhatCVE
added 2026/03/05 1:57 a.m. | 5 views

CVE-2026-3487

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVSS 7.2 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 1
OSV
added 2026/03/03 10:16 p.m. | 4 views

CVE-2026-3487

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVSS 7.2 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/03 9:32 p.m. | 3 views

CVE-2026-3487 itsourcecode College Management System class-result.php sql injection

A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument coursecode results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVSS 5.8 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 5
CNNVD
added 2026/03/03 12:0 a.m. | 8 views

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

CVSS 7.2 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/03 12:0 a.m. | 8 views

PT-2026-22831

Name of the Vulnerable Software and Affected Versions itsourcecode College Management System version 1.0 Description A security issue exists in itsourcecode College Management System version 1.0 related to the processing of the /admin/class-result.php file. Manipulation of the course code argumen...

CVSS 5.8 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 9
NVD
added 2025/12/30 2:16 a.m. | 5 views

CVE-2025-15214

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and...

CVSS 4.8 | EPSS 0.00262
Exploits: 1 | References: 6
Cvelist
added 2025/12/30 1:32 a.m. | 27 views

CVE-2025-15214 Campcodes Park Ticketing System admin_class.php save_pricing cross site scripting

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and...

CVSS 4.8 | EPSS 0.00262
Exploits: 1 | References: 6
Vulnrichment
added 2025/12/30 1:32 a.m. | 3 views

CVE-2025-15214 Campcodes Park Ticketing System admin_class.php save_pricing cross site scripting

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and...

CVSS 4.8 | AI score 2.9 | EPSS 0.00262
Exploits: 1 | References: 6
CVE
added 2025/12/30 1:32 a.m. | 9 views

CVE-2025-15214

CVE-2025-15214 affects Campcodes Park Ticketing System 1.0. The vulnerable component is the save_pricing function in admin_class.php, where manipulating the Name/ride argument enables cross-site scripting. The issue is exploitable remotely and exploitation has been publicly disclosed. Multiple so...

CVSS 4.8 | AI score 2.9 | EPSS 0.00262
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2025/12/30 1:32 a.m. | 4 views

EUVD-2025-205676

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument Name results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could...

CVSS 4.8 | AI score 5.1 | EPSS 0.00262
Exploits: 1 | References: 6
Positive Technologies
added 2025/12/30 12:0 a.m. | 2 views

PT-2025-53833

Name of the Vulnerable Software and Affected Versions Campcodes Park Ticketing System version 1.0 Description A security issue exists in Campcodes Park Ticketing System version 1.0. The save pricing function within the admin class.php file is susceptible to cross-site scripting XSS due to...

CVSS 4.8 | AI score 3.2 | EPSS 0.00262
Exploits: 1 | References: 12