9 matches found
CVE-2026-40926
WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...
PT-2026-31558
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...
CVE-2025-12293
A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...
CVE-2025-12302
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit ...
EUVD-2025-36232
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit ...
CVE-2025-12302
The CVE-2025-12302 entry concerns code-projects Simple Food Ordering System 1.0, with a cross-site scripting vulnerability in /editproduct.php. The flaw arises from unsafely handling user-supplied data in the pname, category, and price parameters, enabling injected script through these fields. Re...
PT-2025-44024
Name of the Vulnerable Software and Affected Versions: PHPGurukul Curfew e-Pass Management System version 1.0. Description: A flaw exists in PHPGurukul Curfew e-Pass Management System 1.0. The issue involves the manipulation of the Fullname/Category argument in the view-pass-detail.php file, leading...
CVE-2025-10563
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=savecategory. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
DMXReady Contact Us Manager <= 1.1 Remote Contents Change Vuln
No description provided by source. Title: DMXReady Contact Us Manager <= 1.1 Remote Contents Change Vulnerability; Author: "ajann" from Turkey; Contact : : S.Page: http://www.dmxready.com; $$: 49.97 $; Dork: inurl:inccontactusmanager.asp; DorkEx:...