6.9

CVSS4.0

CVE-2026-6189 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has โ€ฆ

๐Ÿ“… Published: April 13, 2026, 4 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 6:54 p.m.

6.8

CVSS3.1

CVE-2025-31991 - HCL DevOps Velocity is susceptible to brute-force attacks

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.ย  This vulnerability is fixed in 5.1.7.

๐Ÿ“… Published: April 13, 2026, 3:56 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:11 p.m.

7.5

CVSS4.0

CVE-2026-34188 - OS Command Injection in Event Response Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:50 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:25 p.m.

8.7

CVSS4.0

CVE-2026-34186 - SQL Injection in Custom Fields leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:49 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:30 p.m.

8.7

CVSS4.0

CVE-2026-30813 - SQL Injection in Module Search leads to Database Compromise

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:49 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:42 p.m.

2.1

CVSS4.0

CVE-2026-30812 - Stored Cross-Site Scripting in Event Comments via Filter Bypass

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:48 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:55 p.m.

8.4

CVSS4.0

CVE-2026-30811 - Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:47 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 5:58 p.m.

8.7

CVSS4.0

CVE-2026-30809 - OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:46 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 6:05 p.m.

8.7

CVSS4.0

CVE-2026-30806 - OS Command Injection in Network Report leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

๐Ÿ“… Published: April 13, 2026, 3:45 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 6:08 p.m.

6.9

CVSS4.0

CVE-2026-6188 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and mโ€ฆ

๐Ÿ“… Published: April 13, 2026, 3:45 p.m. ๐Ÿ”„ Last Modified: April 13, 2026, 4:16 p.m.
Total resulsts: 344670
Page 54 of 34,467
ยซ previous page ยป next page
Filters