
303116 matches found

NVD
added 3 hours ago, 5 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

CVSS: 6.5
Exploits: 0, References: 6

NVD
added 3 hours ago, 4 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

CVSS: 6.5
Exploits: 0, References: 6

CVE
added 4 hours ago, 4 views

CVE-2026-14694

SourceCodester Multi-Vendor Online Grocery Management System 1.0 is affected. The issue lies in the cancel_order function (classes/Master.php, POST Parameter Handler) where manipulating the ID parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been di...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 6

ATTACKERKB
added 4 hours ago, 2 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 4 hours ago, 6 views

CVE-2026-14694 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

CVSS: 6.5
Exploits: 0, References: 6

EUVD
added 4 hours ago, 5 views

EUVD-2026-41717

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 6

CVE
added 5 hours ago, 6 views

CVE-2026-14692

The CVE-2026-14692 entry concerns SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26 where the function save_shop_type in classes/Master.php (POST Parameter Handler) is vulnerable to SQL injection. The vulnerability can be exploited remotely, and the exploit is publicly avail...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 6

ATTACKERKB
added 5 hours ago, 3 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 5 hours ago, 6 views

CVE-2026-14692 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php save_shop_type sql injection

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

CVSS: 6.5
Exploits: 0, References: 6

EUVD
added 5 hours ago, 4 views

EUVD-2026-41715

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 6

Positive Technologies
added 7 hours ago, 6 views

PT-2026-55757

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possibl...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 7

Positive Technologies
added 7 hours ago, 5 views

PT-2026-55755

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 7

NVD
added yesterday, 6 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

Exploits: 0, References: 5

NVD
added yesterday, 5 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

Exploits: 0, References: 4

CVE
added yesterday, 6 views

CVE-2026-12740

Plack::Middleware::OAuth (Perl) versions up to 0.10 are affected. The vulnerability arises because RequestTokenV2 does not issue a state value and AccessTokenV2 continues the OAuth flow without verifying that the callback matches the initiated session. This enables login CSRF: an attacker can ini...

AI score: 5.9
Exploits: 0, References: 5

ATTACKERKB
added yesterday, 3 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

AI score: 5.9
Exploits: 0, References: 5

EUVD
added yesterday, 6 views

EUVD-2026-41687

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

AI score: 5.9
Exploits: 0, References: 4

Cvelist
added yesterday, 12 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

Exploits: 0, References: 4

CVE
added yesterday, 6 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider (Perl) prior to v0.23 lacks OAuth 2.0 state handling. The authentication_url may omit a state value and the callback does not verify the callback corresponds to the initiating session, enabling login CSRF where an attacker can complete the victim’s authoriza...

AI score: 5.9
Exploits: 0, References: 4

ATTACKERKB
added yesterday, 2 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

AI score: 5.9
Exploits: 0, References: 4