8.7
CVE-2026-30813 - SQL Injection in Module Search leads to Database Compromise
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
2.1
CVE-2026-30812 - Stored Cross-Site Scripting in Event Comments via Filter Bypass
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800
8.4
CVE-2026-30811 - Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800
8.7
CVE-2026-30809 - OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800
8.7
CVE-2026-30806 - OS Command Injection in Network Report leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800
6.9
CVE-2026-6188 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and mβ¦
8.6
CVE-2026-30804 - Unrestricted File Upload in Extension Uploader leads to Remote Code Execution
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
5.3
CVE-2026-6231 - bson_validate may skip validation when processing certain inputs
The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that relβ¦
6.9
CVE-2026-6187 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit iβ¦
8.7
CVE-2026-6186 - UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit hβ¦