CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS5.6AI score0.00051EPSS

CVE-2026-5812

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...

RedhatCVE•added yesterday•5 views

CVE-2026-10248

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function createsupplier of the file /Exportcsv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

5.8CVSS5.2AI score0.00051EPSS

4.8CVSS3.6AI score0.00032EPSS

CVE-2026-8136

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and...

7.5CVSS6.9AI score0.00043EPSS

CVE-2026-7550

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

RedhatCVE•added yesterday•3 views

CVE-2026-7128

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...

7.5CVSS7AI score0.00043EPSS

5.4CVSS5.6AI score0.00029EPSS

CVE-2026-32712

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

Exploits1References1

6.9CVSS5.5AI score0.00035EPSS

CVE-2026-10255

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

HackRead•added 5 days ago•11 views

How to Get the Most From Your Explainer Video Production Services

Video can simplify a hard offer, shorten sales conversations, and improve recall. Those gains depend on disciplined planning…...

5.8AI score

Exploits0

NVD•added 5 days ago•9 views

CVE-2026-10247

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...

5.1CVSS0.00034EPSS

Vulnrichment•added 5 days ago•5 views

CVE-2026-10247 SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting

5.1CVSS4.3AI score0.00034EPSS

Cvelist•added 5 days ago•23 views

CVE-2026-10244 SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function createmedicinename of the file /ShowForm/createmedicinename/main. Performing a manipulation of the argument medicinename results in cross site scripting. The atta...

5.1CVSS0.00034EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-10244 SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting

5.1CVSS4.3AI score0.00034EPSS

CNNVD•added 5 days ago•6 views

SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...

5.1CVSS5.7AI score0.00034EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-45392

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create medicine presentation of the file /ShowForm/create medicine presentation/main. The manipulation of the argument medicine presentation leads to cross site scripting. The attac...

5.1CVSS4.1AI score0.00034EPSS

Exploits0References7

ATTACKERKB•added 2026/05/27 6:37 p.m.•6 views

CVE-2026-42877

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...

Exploits0References2Affected Software1

CVE•added 2026/05/27 6:37 p.m.•5 views

CVE-2026-42877

CVE-2026-42877 describes a stored XSS in FacturaScripts where the product variant field referencia is injected into an onclick attribute in SalesModalHTML.php and PurchasesModalHTML.php without proper escaping. The vulnerability allows an authenticated user with warehouse access to create a malic...

Vulnrichment•added 2026/05/27 6:37 p.m.•7 views

CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases

Cvelist•added 2026/05/27 6:37 p.m.•38 views

CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases

5.4CVSS0.00029EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

FacturaScripts 跨站脚本漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.92 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting vulnerability present in the product search moda...