154 matches found
EUVD-2026-30181
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-32993
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-32993
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-32993
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-32993
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-32993
CVE-2026-32993 describes an vulnerability in cPanel & WHM where improper sanitization of the status query parameter on the /unprotected/nova_error endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers in the response. The root cause is insufficient input handling for the st...
EUVD-2026-27185
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2026-4803
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
PT-2026-36966
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr update form action meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with ...
Improper Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Authorization in the overrideStatus request parameter, which is processed by the setStatus function. An attacker can bypass administrative moderation and...
GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...
CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...
CVE-2026-5019
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...
CVE-2026-5017
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...
EUVD-2026-16959
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...
EUVD-2026-16953
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...
Code-Projects Simple Food Order System SQL注入漏洞
Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Order System has a SQL injection vulnerability. This vulnerability arises from an unknown function in the all-orders.php file used by the...
CVE-2026-5019
The CVE-2026-5019 issue affects code-projects’ Simple Food Order System 1.0, specifically the all-orders.php in the Parameter Handler. The vulnerability arises from manipulating the Status parameter, enabling a SQL injection. A remote attack is possible, and public exploit details have been discl...