CVE-2026-8128

SourceCodester SUP Online Shopping 1.0 is affected by a SQL injection in an unknown function of /admin/viewmsg.php triggered by manipulating the msgid parameter. This vulnerability can be exploited remotely and the exploit has been published. The CVE entries (CVE-2026-8128) indicate a mix of CVSS...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

EUVD-2026-28475

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-8117

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

PT-2026-39296

Name of the Vulnerable Software and Affected Versions grav-plugin-admin versions prior to 1.10.49.5 Description The application fails to properly validate and sanitize user input in the dataheadertitle parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting XSS...

Scoold 访问控制错误漏洞

Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.67.0 contained an access control vulnerability. This vulnerability stemmed from the ability to modify administrators’ configuration values using a forged Bearer token, potentially leading...

PT-2026-39275

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The channel router fails to call the filter allowed access grants function during the creation or update of channels. This function is intended to strip unauthorized wildcard grants such as...

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

kimai 路径遍历漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.32.0 to 2.56.0 contained a path traversal vulnerability. This vulnerability occurred when system administrator users with the “uploadinvoicetemplate” permission uploaded...

PT-2026-38653

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...

PT-2026-38668

Name of the Vulnerable Software and Affected Versions Prison Management System Using PHP version 1.0 Description An issue exists on the Admin login page where the username parameter is susceptible to SQL injection, a technique that allows an attacker to interfere with the queries that an...

PT-2026-38670

Name of the Vulnerable Software and Affected Versions Control Web Panel CWP versions prior to 0.9.8.1209 Description Unauthenticated attackers can inject and execute arbitrary OS commands with root privileges on the web server. This occurs because user input provided through the key GET parameter...

SourceCodester Pizzafy Ecommerce System 跨站脚本漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter 'page' in the file 'admin/index.php', whi...

WordPress plugin Auto Affiliate Links 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-39187

Name of the Vulnerable Software and Affected Versions Scoold versions prior to 1.67.0 Description Scoold allows the modification of the admins configuration value via the "/api/config/set/admins" endpoint using a forged Bearer token that is accepted as an admin API token. This action writes a...

PT-2026-39270

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Administrative role changes and user deletions do not invalidate the SESSION POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a vulnerability due to improper handling of parameters in the file admin/replymsg.php, which may lead to SQL injection attacks...

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

PT-2026-39300

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An authenticated user possessing only the users.edit permission can escalate their privileges to administrator. This occurs by sending a PATCH request to the '/api/v1/users/id' endpoint with the...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...