CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/29 9:15 p.m.•6 views

EUVD-2026-26292

6.5CVSS6.4AI score0.00192EPSS

CVE•added 2026/04/29 9:15 p.m.•12 views

CVE-2026-7410

CVE-2026-7410 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability is in /admin/ajax.php?action=add_to_cart, where manipulating the pid parameter causes an SQL injection. The exploit is publicly disclosed and the CVSS metrics indicate medium severity (base scores ~5.3–6.5) with ...

6.5CVSS6.4AI score0.00192EPSS

Cvelist•added 2026/04/29 9:0 p.m.•36 views

CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

5.8CVSS0.00202EPSS

EUVD•added 2026/04/29 9:0 p.m.•4 views

EUVD-2026-26291

ATTACKERKB•added 2026/04/29 9:0 p.m.•1 views

CVE-2026-7409

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/29 9:0 p.m.•3 views

CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection

CVE•added 2026/04/29 9:0 p.m.•7 views

CVE-2026-7409

CVE-2026-7409 affects SourceCodester Pizzafy Ecommerce System 1.0, specifically the /admin/ajax.php?action=save_user function. The issue allows remote execution of SQL injection through manipulation of the save_user process. CVSS metrics in the document indicate network attack vector, low complex...

RedhatCVE•added 2026/04/29 8:48 p.m.•3 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.01334EPSS

RedhatCVE•added 2026/04/29 8:48 p.m.•4 views

CVE-2026-7295

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

4.8CVSS3.1AI score0.00206EPSS

RedhatCVE•added 2026/04/29 8:48 p.m.•2 views

CVE-2026-7225

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...

7.5CVSS7.2AI score0.00254EPSS

RedhatCVE•added 2026/04/29 8:48 p.m.•3 views

CVE-2026-7264

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function getcartitems of the file /admin/ajax.php?action=getcartitems. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

6.5CVSS6.4AI score0.0025EPSS

RedhatCVE•added 2026/04/29 8:48 p.m.•3 views

CVE-2026-7297

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...

4.8CVSS3AI score0.00202EPSS

EUVD•added 2026/04/29 8:45 p.m.•2 views

EUVD-2026-26290

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

Vulnrichment•added 2026/04/29 8:45 p.m.•2 views

CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection

Vulnrichment•added 2026/04/29 8:30 p.m.•4 views

CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

EUVD•added 2026/04/29 8:30 p.m.•3 views

EUVD-2026-26289

ATTACKERKB•added 2026/04/29 8:30 p.m.•1 views

CVE-2026-7407

Exploits0References5Affected Software1

CVE•added 2026/04/29 8:30 p.m.•9 views

CVE-2026-7407

The CVE-2026-7407 vulnerability affects SourceCodester Pizzafy Ecommerce System 1.0, specifically the save_settings function in /pizzafy/admin/ajax.php?action=save_settings (Setting Handler). The issue is a SQL injection caused by input manipulation in that endpoint, enabling remote attackers to ...