86404 matches found
CVE-2025-27852
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...
CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-7293
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...
CVE-2026-43685
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-7408
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...
CVE-2026-7394
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/vieworder.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may ...
CVE-2026-7143
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/blockstatus.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2026-7238
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-7553
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-7229
A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...
CVE-2026-7409
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-7090
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...
CVE-2026-7296
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
CVE-2026-7083
A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...
CVE-2026-7746
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /productexpiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is...
CVE-2026-7407
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...
CVE-2026-7294
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /admin/index.php?page=savesettings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...
CVE-2021-47935
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...
CVE-2026-38702
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...
CVE-2026-38931
A stored cross-site scripting XSS vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff Latest as of 2026-02-27 via injecting a crafted payload...