Aggregator

CVE-2026-7228 | SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=get_cart_count ID sql injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability classified as critical has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2026-7228. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2026-7227 | SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login e-mail sql injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability described as critical has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. This vulnerability is identified as CVE-2026-7227. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-7226 | SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=login2 e-mail sql injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability marked as critical has been reported in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. This vulnerability is referenced as CVE-2026-7226. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2026-7225 | SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=delete_menu ID sql injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability labeled as critical has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2026-7225. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2026-7224 | SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=delete_cart ID sql injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability identified as critical has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-7224. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2026-7223 | BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63 AI Proxy Middleware aiProxyMiddleware.mts fetch baseurl server-side request forgery (Issue 142)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability categorized as critical has been discovered in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2026-7223. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-7222 | code-projects Coaching Management System 1.0 Complaint Form Page complaint.php cross site scripting

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in code-projects Coaching Management System 1.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting. This vulnerability is handled as CVE-2026-7222. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2026-7221 | TencentCloudBase CloudBase-MCP up to 2.17.0 open-url API Endpoint interactive-server.ts openUrl req.body.url server-side request forgery (Issue 509)

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. It has been declared as critical. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. This vulnerability is known as CVE-2026-7221. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-7220 | jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620 fastly_cli Tool fastly-mcp.mjs command os command injection

VulDB Recent Entries
1 month 3 weeks ago
A vulnerability was found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. It has been classified as critical. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. This vulnerability is traded as CVE-2026-7220. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

APT73

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

Managed ad