40969 matches found

Vulnrichment
added 2026/04/29 5:0 p.m. | 2 views

CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

CVSS 5.8 | AI score 4.8 | EPSS 0.00268
Exploits 1 | References 5

CVE
added 2026/04/29 4:45 p.m. | 8 views

CVE-2026-7392

CVE-2026-7392 involves a SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability affects the function delete_supplier in the file /ajax.php?action=delete_supplier, where manipulation of the argument ID can lead to a SQL injection. The issue can be exploited remo...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits 0 | References 5

Cvelist
added 2026/04/29 4:45 p.m. | 32 views

CVE-2026-7392 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00192
Exploits 0 | References 5

NVD
added 2026/04/29 4:16 p.m. | 6 views

CVE-2026-7386

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 7.5 | EPSS 0.00429
Exploits 0 | References 7

Vulnrichment
added 2026/04/29 4:15 p.m. | 3 views

CVE-2026-7391 SourceCodester Pharmacy Sales and Inventory System ajax.php save_supplier sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish...

CVSS 6.5 | AI score 6.3 | EPSS 0.00192
Exploits 0 | References 5

ATTACKERKB
added 2026/04/29 4:15 p.m. | 1 view

CVE-2026-7391

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish...

CVSS 6.5 | AI score 6.3 | EPSS 0.00192
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2026/04/29 4:15 p.m. | 5 views

EUVD-2026-26257

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish...

CVSS 6.5 | AI score 6.3 | EPSS 0.00192
Exploits 0 | References 5

RedHat Linux
added 2026/04/29 3:46 p.m. | 8 views

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

CVSS 7.5 | AI score 8.1 | EPSS 0.01069
Exploits 1 | References 5

ATTACKERKB
added 2026/04/29 3:45 p.m. | 2 views

CVE-2026-7390

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

CVSS 5.1 | AI score 3.5 | EPSS 0.00195
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2026/04/29 3:45 p.m. | 30 views

CVE-2026-7390 SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

CVSS 5.1 | EPSS 0.00195
Exploits 0 | References 5

EUVD
added 2026/04/29 3:45 p.m. | 6 views

EUVD-2026-26253

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

CVSS 5.1 | AI score 3.6 | EPSS 0.00195
Exploits 0 | References 5

Vulnrichment
added 2026/04/29 3:30 p.m. | 4 views

CVE-2026-7389 EyouCMS common.php GetSortData sql injection

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00259
Exploits 0 | References 4

EUVD
added 2026/04/29 3:30 p.m. | 6 views

EUVD-2026-26252

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00259
Exploits 0 | References 4

EUVD
added 2026/04/29 3:15 p.m. | 3 views

EUVD-2026-26251

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 5 | EPSS 0.00239
Exploits 0 | References 4

CVE
added 2026/04/29 3:15 p.m. | 11 views

CVE-2026-7388

CVE-2026-7388 affects EyouCMS up to version 1.7.9, specifically the Template File Handler’s FilemanagerLogic.php editFile function. The weakness enables code injection via remote manipulation of the editFile workflow. Public exploit appears available and the vendor has not publicly responded to t...

CVSS 5.8 | AI score 5.1 | EPSS 0.00239
Exploits 0 | References 4

Vulnrichment
added 2026/04/29 3:15 p.m. | 1 view

CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 4.9 | EPSS 0.00239
Exploits 0 | References 4

ATTACKERKB
added 2026/04/29 3:15 p.m. | 3 views

CVE-2026-7388

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 4.9 | EPSS 0.00239
Exploits 0 | References 4

Vulnrichment
added 2026/04/29 3:0 p.m. | 2 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 7 | EPSS 0.00429
Exploits 0 | References 7

EUVD
added 2026/04/29 3:0 p.m. | 3 views

EUVD-2026-26250

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 6.9 | EPSS 0.00429
Exploits 0 | References 7

ATTACKERKB
added 2026/04/29 3:0 p.m. | 4 views

CVE-2026-7386

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 6.9 | EPSS 0.00429
Exploits 0 | References 7 | Affected Software 1