1710 matches found
EUVD-2026-26386
A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...
CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
PT-2026-36013
Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...
CVE-2026-7266
SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the admin/ajax.php?action=save_order function via the ID parameter. The vulnerability can be exploited remotely and publicly; exploitation is noted as PROOF-OF-CONCEPT. Impact is described as low for confidentiality, in...
PT-2026-35705
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...
CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...
CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection
A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...
Code-Projects Chat System 跨站脚本漏洞
Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a cross-site scripting vulnerability. This vulnerability stems from improper handling of the parameter “msg” in the “Chat Interface” component’s...
CVE-2026-40529
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...
CVE-2026-40529
CVE-2026-40529 involves a SQL injection in the CMS ALAYA provided by KANATA Limited. The vulnerability allows an attacker who has access to the administrative interface to obtain or alter information stored in the database. The connected sources (NVD/CVELIST) describe the affected product and the...
CVE-2026-40529
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...
CVE-2026-40529
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...
EUVD-2026-22860
The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permissioncallback set to returntrue...
CVE-2026-40887
Vendure Core SQL Injection (CVE-2026-40887) affects @vendure/core via Shop API in ProductService.findOneBySlug where languageCode is interpolated into a raw SQL CASE expression without parameterization. Unauthenticated attackers can supply languageCode from the HTTP query string to inject arbitra...
SUSE CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...
Linux Distros Unpatched Vulnerability : CVE-2026-6060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be kill...
EUVD-2026-23933
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...
CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...
UBUNTU-CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...
CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...