5.1
CVE-2026-7393 - SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted …
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be ca…
5.3
CVE-2026-6915 - Flaw in the updateUser Command May Allow Unauthorized Configuration Change
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
7.1
CVE-2026-6914 - MD5 checksum creation may cause availability loss
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior t…
5.3
CVE-2026-7392 - SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been di…
0.0
CVE-2026-0206 -
A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.
0.0
CVE-2026-0205 -
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
0.0
CVE-2026-0204 -
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
5.3
CVE-2026-7391 - SourceCodester Pharmacy Sales and Inventory System ajax.php save_supplier sql injection
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publish…
7.5
CVE-2026-42198 - pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. …
5.1
CVE-2026-7390 - SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now …