6.9
CVE-2026-7130 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has …
8.7
CVE-2026-32688 - Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy
Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.to_atom/1 on the value returned by :cowboy_req.scheme/1. For HTTP…
5.3
CVE-2026-7129 - SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argument ID results in cross site scripting. The attack is possible to be carried out remotely. The exploi…
6.9
CVE-2026-7128 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has …
6.9
CVE-2026-7127 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has …
4.8
CVE-2026-40557 - Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables …
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation (by default it …
6.5
CVE-2026-41081 - Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the TlsTransp…
6.9
CVE-2026-7126 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to…
7.3
CVE-2026-6265 - Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1
5.3
CVE-2025-15626 - Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application