|
5031
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access c…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9412
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5032
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg lea…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9413
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5033
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice …
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9414
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5034
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler.…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9444
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5035
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulati…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9445
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5036
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Na…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9447
|
2026-05-27 04:26 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5037
|
8.1 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
|
CWE-89
SQL Injection
|
CVE-2026-48842
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5038
|
7.2 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure,…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48843
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5039
|
7.5 |
HIGH
Network
|
-
|
-
|
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been …
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-48844
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5040
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information discl…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48845
|
2026-05-27 04:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
