CVE-2026-7088

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

EUVD-2026-25783

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

CVE-2026-7093

CVE-2026-7093 affects the code-projects Invoice System in Laravel 1.0 . The vulnerability exists in the Invoice Endpoint, specifically an unspecified function under the path /invoice/ where manipulating the argument ID leads to improper authorization. It is a network‑accessible issue with LOW to ...

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

EUVD-2026-25782

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

CVE-2026-7090

CVE-2026-7090 affects code-projects Chat System 1.0 via /admin/send_message.php: the msg parameter is vulnerable to cross-site scripting. The issue arises from improper handling of the argument, enabling remote exploitation with a public exploit. No remediation details are provided in the availab...

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

CVE-2026-7089

CVE-2026-7089 affects code-projects Home Service System 1.0. The vulnerability targets the Appointment Booking component, specifically the /booking.php file, where manipulation of the fname/lname parameters enables cross-site scripting. The description notes remote initiation and publicly disclos...

EUVD-2026-25773

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

EUVD-2026-25772

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-7088

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-7088 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=savereceiving. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit...

CVE-2026-7088

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_receiving triggered by manipulating the ID parameter. The flaw is exploitable remotely and the exploit is publicly available. No remediation details are provided in the documents.

CVE-2026-7087

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-7087 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=savesales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...