105521 matches found
CVE-2026-37750
A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...
EUVD-2026-26155
A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...
CVE-2026-7297
SourceCodester Pizzafy Ecommerce System 1.0 contains a cross-site scripting flaw in the save_user function at /admin/ajax.php?action=save_user. Manipulating the Name argument can trigger XSS; the attack can be executed remotely and exploit information is publicly disclosed. The connected document...
CVE-2026-7297 SourceCodester Pizzafy Ecommerce System ajax.php save_user cross site scripting
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...
CVE-2026-31255
A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...
CVE-2024-46636
NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...
CVE-2026-7296
SourceCodester Pizzafy Ecommerce System 1.0 contains an XSS vulnerability in the admin/ajax.php?action=save_order function, triggered by manipulation of the first_name argument. Remote exploitation is possible and exploits have been published. No remediation or patch details are provided in the s...
EUVD-2026-26146
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
CVE-2021-36438
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...
CVE-2026-7295
CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...
CVE-2026-7295
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...
CVE-2026-41395
OpenClaw prior to 2026.3.28 is affected by a webhook replay vulnerability in Plivo V3 signature verification. The system canonicalizes query ordering for signatures but hashes the raw verification URL for replay detection, allowing an attacker who captures a valid signed webhook to reorder query ...
CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...
CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...
CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
CVE-2026-7283 SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
CVE-2026-7281
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...
CVE-2026-7281 SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. Th...
CVE-2026-7281
CVE-2026-7281 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vuln is in the supplier function of /index.php?page=supplier, where manipulating the Name argument triggers cross-site scripting. It can be exploited remotely and the exploit has been publicly disclosed. CVSS data i...