|
2971
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Smart Coupons for WooCommer…
|
CWE-862
Missing Authorization
|
CVE-2026-45438
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2972
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection.
This issue affects Unlimited Elemen…
|
CWE-89
SQL Injection
|
CVE-2026-48837
|
2026-05-27 04:31 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2973
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9411
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2974
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9412
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2975
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg lea…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9413
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2976
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9414
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2977
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler.…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9444
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2978
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9445
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2979
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Na…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9447
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2980
|
8.1 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
|
CWE-89
SQL Injection
|
CVE-2026-48842
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
