|
3561
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler.…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9444
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3562
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9445
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3563
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Na…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9447
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3564
|
8.1 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
|
CWE-89
SQL Injection
|
CVE-2026-48842
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3565
|
7.2 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48843
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3566
|
7.5 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been …
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-48844
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3567
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information discl…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48845
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3568
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information di…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48846
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3569
|
3.7 |
LOW
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48847
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3570
|
7.2 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48848
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
