2717 matches found

Vulnrichment
added 2026/04/08 10:15 p.m., 2 views

CVE-2026-5811 SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVSS 5.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 5
CVE
added 2026/04/08 10:15 p.m., 6 views

CVE-2026-5811

Affected product: SourceCodester Online Food Ordering System 1.0. The CVE stems from the POST Parameter Handler, specifically the save_product function in Actions.php, where manipulating the price parameter leads to business logic errors. Impact is described as remote exploitation with publicly a...

CVSS 5.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 5
CNNVD
added 2026/04/08 12:00 a.m., 5 views

SourceCodester Online Food Ordering System security vulnerability

The SourceCodester Online Food Ordering System is an open-source online ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System has a security vulnerability. This vulnerability stems from the handling of the parameter ‘price’ in the ‘save_product’...

CVSS 5.5 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/08 12:00 a.m., 3 views

PT-2026-31549

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System version 1.0. Description: A vulnerability exists in the function save_product of the file /Actions.php within the POST Parameter Handler component. Manipulation of the price argument can lead to busines...

CVSS 5.5 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 9
Tenable Nessus
added 2026/04/08 12:00 a.m., 0 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006655 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much...

CVSS 5.5 | AI score 6.6 | EPSS 0.00113
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/07 2:55 p.m., 1 view

CVE-2026-35490 changedetection.io has an Authentication Bypass via Decorator Ordering

changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the...

CVSS 9.8 | AI score 5.9 | EPSS 0.0003
Exploits: 1 | References: 1
CVE
added 2026/04/07 2:55 p.m., 13 views

CVE-2026-35490

CVE-2026-35490 affects changedetection.io before 0.54.8. In Flask, the decorator order was wrong: @login_optionally_required applied before @blueprint.route(), causing the route to register the undecorated function and bypass authentication. The issue affects multiple routes across several bluepr...

CVSS 9.8 | AI score 5.9 | EPSS 0.0003
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/04/03 12:00 a.m., 3 views

PT-2026-30157

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a race condition within the qman_destroy_fq function in the soc: fsl: qbman component. This occurs when the QMAN_FQ_FLAG_DYNAMIC_FQID flag is set, specifically...

CVSS 4.7 | AI score 5.3 | EPSS 0.00024
Exploits: 0 | References: 20
RedhatCVE
added 2026/04/01 5:00 a.m., 1 view

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00014
Exploits: 0 | References: 1
OSV
added 2026/03/31 11:50 p.m., 4 views

GHSA-8689-GM9G-JGR6 OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering

Summary: Plivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key. Impact: An attacker who captured one valid signed Plivo V3 webhook could...

CVSS 8.2 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 3
EUVD
added 2026/03/31 12:31 a.m., 0 views

EUVD-2026-17253

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | AI score 4.3 | EPSS 0.00014
Exploits: 0 | References: 6
NVD
added 2026/03/31 12:16 a.m., 1 view

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | EPSS 0.00014
Exploits: 0 | References: 5
Cvelist
added 2026/03/30 11:30 p.m., 24 views

CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3 | EPSS 0.00014
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/30 12:00 a.m., 0 views

PT-2026-29144

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit...

CVSS 5.3 | AI score 4.3 | EPSS 0.00014
Exploits: 0 | References: 6
RedhatCVE
added 2026/03/28 4:56 a.m., 2 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

CVSS 9.8 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 1 view

CVE-2026-30529

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the saveuser action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious S...

CVSS 8.8 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 1 view

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

CVSS 9.8 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 3 views

CVE-2026-30534

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/managecategory.php via the "id" parameter...

CVSS 8.3 | AI score 6 | EPSS 0.00044
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 1 view

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

CVSS 8.8 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 2 views

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

CVSS 9.8 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 1