6.1
CVE-2026-30567 -
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
8.8
CVE-2026-30531 - Authenticated SQL Injection in SourceCodester Online Food Ordering System v1.0 Allows Arbitrary SQL…
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious …
4.8
CVE-2026-30527 - Stored XSS in Category Management of Online Food Ordering System
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe…
9.6
CVE-2026-30304 -
In its design for automatic terminal command execution, AI Code offers two options: "Execute safe commands" and "Execute all commands". The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be pote…
4.8
CVE-2026-30568 - Reflected XSS via limit Parameter in SourceCodester Sales and Inventory System
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
9.8
CVE-2026-30533 - SQL Injection in SourceCodester Online Food Ordering System Admin Manage Product
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter.
9.8
CVE-2026-30532 - SQL Injection in Admin View Product of Online Food Ordering System
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.
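The SourceCodester entries above share one root cause: a numeric request parameter ("limit", "id") that is pasted straight into SQL or into the page. The following is an added illustration of that pattern and its fix, not code from either SourceCodester application: it uses an in-memory SQLite table with constructed rows, a string-concatenated query standing in for the vulnerable "id" lookup, and a strict integer parser plus bound parameters and HTML escaping as the hardened form. Names such as `view_product_hardened` and `parse_int_param` are this example's own.

```python
import html
import sqlite3

# Constructed sample data standing in for the application's products table.
# This is not the SourceCodester schema.
SAMPLE_ROWS = [
    (1, "Widget", 9.99),
    (2, "Gadget", 19.99),
    (3, "Internal test item", 0.0),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def view_product_vulnerable(conn: sqlite3.Connection, product_id: str):
    """The injectable pattern: the raw 'id' parameter becomes part of the SQL
    text, so a value like '0 OR 1=1' rewrites the WHERE clause."""
    sql = "SELECT id, name, price FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def parse_int_param(raw: str, *, lo: int = 1, hi: int = 1_000_000) -> int:
    """Allow-list validation for parameters that may only ever be a bounded
    decimal integer. Rejecting early keeps non-numeric text away from both
    the SQL layer and the rendered page."""
    if not raw.isdigit():
        raise ValueError(f"parameter must be a positive integer, got {raw!r}")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError(f"parameter out of range: {value}")
    return value


def view_product_hardened(conn: sqlite3.Connection, product_id: str):
    """Validate, then bind: the driver receives the value as data, never as SQL."""
    pid = parse_int_param(product_id)
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id = ?", (pid,)
    ).fetchall()


def reflect_limit_unsafely(limit_raw: str) -> str:
    """The reflected-XSS pattern: the 'limit' parameter is echoed verbatim."""
    return f"<p>Showing {limit_raw} rows</p>"


def render_limit_notice(limit_raw: str) -> str:
    """Reflect 'limit' only after validation; html.escape is defence in depth
    for any value that is reflected into a document."""
    limit = parse_int_param(limit_raw, lo=1, hi=500)
    return f"<p>Showing {html.escape(str(limit))} rows</p>"
```

Running `view_product_vulnerable(make_db(), "0 OR 1=1")` returns every row, while the hardened variant raises `ValueError` on the same input before any query is built; the same parser stops `<script>` text from ever reaching the reflected "limit" notice.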
4.6
CVE-2026-33699 - pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider appl…
8.8
CVE-2026-27893 - vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. …
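The defect class here is a literal `trust_remote_code=True` buried in a loader call, which the serving flag never reaches. A quick way to audit a checkout for the same pattern is an AST scan that reports only literal `True` and ignores keywords that forward a variable. The scanner below is an added example, not vLLM's code or its fix; `SAMPLE_MODEL_FILE` is a constructed source snippet written to show both the propagating and the hardcoded form, and the `transformers` calls in it are only parsed, never imported.

```python
import ast
from pathlib import Path
from typing import List, Tuple

# Constructed source text for the scanner to parse. It is not a vLLM file;
# it simply pairs one call that forwards the caller's flag with one that
# hardcodes the literal, which is the shape of the issue in the advisory.
SAMPLE_MODEL_FILE = '''
from transformers import AutoConfig, AutoTokenizer

class VisionLanguageModel:
    def __init__(self, model_path, trust_remote_code=False):
        # Forwards the user's choice: not reported.
        self.config = AutoConfig.from_pretrained(model_path, trust_remote_code=trust_remote_code)
        # Literal True: silently overrides --trust-remote-code=False for this sub-component.
        self.tokenizer = AutoTokenizer.from_pretrained(model_path, trust_remote_code=True)
'''


def find_hardcoded_trust_remote_code(source: str, filename: str = "<string>") -> List[Tuple[int, str]]:
    """Return (line, callee) for every call that passes the literal
    trust_remote_code=True. A keyword whose value is a name, attribute or
    other expression is treated as propagating the caller's setting."""
    tree = ast.parse(source, filename=filename)
    hits: List[Tuple[int, str]] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (
                kw.arg == "trust_remote_code"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
            ):
                hits.append((node.lineno, ast.unparse(node.func)))
    return hits


def scan_tree(root: str) -> List[Tuple[str, int, str]]:
    """Walk a source tree (for example a vendored vLLM checkout) and collect
    hits as (path, line, callee). Files that fail to parse are skipped."""
    results: List[Tuple[str, int, str]] = []
    for path in Path(root).rglob("*.py"):
        try:
            source = path.read_text(encoding="utf-8")
            for line, callee in find_hardcoded_trust_remote_code(source, str(path)):
                results.append((str(path), line, callee))
        except (SyntaxError, UnicodeDecodeError):
            continue
    return results


if __name__ == "__main__":
    for line, callee in find_hardcoded_trust_remote_code(SAMPLE_MODEL_FILE):
        print(f"hardcoded trust_remote_code=True at line {line}: {callee}(...)")
```

The scan is deliberately narrow: it flags only the literal, so a loader that threads the parsed CLI flag through `trust_remote_code=trust_remote_code` passes, which is the behaviour the advisory says the affected files should have had.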
3.1
CVE-2026-29071 - Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/retrieval/query/collection`. Version 0.8.6 patches the issue.