CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

EUVD-2026-26056

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability stems from the operation o...

PT-2026-35732

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete expired of the file /ajax.php?action=delete expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit i...

CVE-2025-40297

The CVE-2025-40297 fix applies to the Linux kernel net/bridge code. It addresses a use-after-free race that could occur when deleting an expired fdb if MST is enabled. The race happens between ongoing learning and port deletion, where the port state is disabled but MST can bypass the port state, ...

EUVD-2025-38361

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

CVE-2025-12177

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

CVE-2025-12177

CVE-2025-12177 affects the WordPress Download Manager plugin (versions ≤ 3.3.30). The root cause is a hardcoded Cron key that enables unauthenticated triggering of deleteExpired() and clearTempDataCPCron(). This can lead to deletion of expired posts and clearing of cache. The vulnerability is con...

CVE-2025-12177 Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key

The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to trigger these cron jobs...

PT-2025-45551

Name of the Vulnerable Software and Affected Versions WordPress Download Manager plugin versions prior to 3.3.31 Description The WordPress Download Manager plugin contains a flaw due to a hardcoded Cron key used in the deleteExpired and clearTempDataCPCron functions. This allows unauthenticated...