Lucene search
K

87068 matches found

NVD
NVD
added 2026/04/28 6:16 a.m.6 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 5:30 a.m.7 views

EUVD-2026-25997

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

6.5CVSS5.4AI score0.00233EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:30 a.m.5 views

CVE-2026-7229

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

6.5CVSS5.4AI score0.00233EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 5:15 a.m.6 views

CVE-2026-7228 SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function getcartcount of the file /admin/ajax.php?action=getcartcount. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 5:15 a.m.11 views

CVE-2026-7228

CVE-2026-7228 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the function get_cart_count in /admin/ajax.php?action=get_cart_count, where an manipulated ID parameter enables a SQL injection. The issue is exploitable remotely, with a PoC/exploit published and avail...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 5:0 a.m.32 views

CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:0 a.m.4 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS5.3AI score0.00254EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/28 5:0 a.m.5 views

EUVD-2026-25991

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS5.3AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 5:0 a.m.5 views

CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 5:0 a.m.20 views

CVE-2026-7227

SourceCodester Pizzafy Ecommerce System 1.0 contains an SQL injection in the Login function (admin/ajax.php?action=login) via manipulation of the e-mail parameter. Exploitation is possible remotely and the exploit is public, indicating practical risk. The CVE notes CVSS metrics (e.g., up to 7.3–7...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/28 4:45 a.m.4 views

CVE-2026-7226 SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 4:45 a.m.30 views

CVE-2026-7226 SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:30 a.m.5 views

CVE-2026-7225

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/28 4:30 a.m.8 views

CVE-2026-7225

SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability is in /admin/ajax.php?action=delete_menu; manipulating the ID parameter enables SQL injection. A remote attack is possible and public PoC exists. CVSS metrics show high impact on confidentiality/integrity/availability (LOW...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 4:15 a.m.7 views

EUVD-2026-25988

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS5.4AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:15 a.m.6 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS5.4AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 4:15 a.m.2 views

CVE-2026-7224 SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 3:16 a.m.7 views

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

6.8CVSS0.00907EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 3:16 a.m.5 views

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS0.01157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 1:57 a.m.4 views

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

6.8CVSS5.4AI score0.00907EPSS
Exploits0References1
Rows per page
Query Builder