Lucene search
K

87078 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/28 4:30 a.m.5 views

CVE-2026-7225

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/28 4:30 a.m.8 views

CVE-2026-7225

SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability is in /admin/ajax.php?action=delete_menu; manipulating the ID parameter enables SQL injection. A remote attack is possible and public PoC exists. CVSS metrics show high impact on confidentiality/integrity/availability (LOW...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 4:15 a.m.7 views

EUVD-2026-25988

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS5.4AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:15 a.m.6 views

CVE-2026-7224

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS5.4AI score0.00254EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 4:15 a.m.2 views

CVE-2026-7224 SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 3:16 a.m.7 views

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

6.8CVSS0.00907EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 3:16 a.m.5 views

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS0.01157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/28 1:57 a.m.4 views

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

6.8CVSS5.4AI score0.00907EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 12:16 a.m.8 views

CVE-2026-41371

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...

8.5CVSS0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the /phone arm and /phone disarm endpoints, which failed to...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35747

Name of the Vulnerable Software and Affected Versions Pony Mail Lua implementation affected versions not specified Description Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...

9.8CVSS5.8AI score0.00444EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

Code-Projects Online Music Site 访问控制错误漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a vulnerability related to access control. This vulnerability stems from the unlimited upload feature of the txtimage parameter in the...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35710

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save order of the file /admin/ajax.php?action=save order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability arises from the parameter ID operation in the function deletecategory within th...

5.8CVSS5.9AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35705

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35663

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.4 views

PT-2026-35712

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save category of the file /admin/ajax.php?action=save category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

6.5CVSS6.2AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35665

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit ha...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35814

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save settings of the file /admin/index.php?page=save settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit...

4.8CVSS3.2AI score0.00206EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.7 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the e-mail parameter in the login2 function of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder