Skip to main content
CVE-2026-0579 MEDIUM POC This Month

SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-0578 MEDIUM POC This Month

SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-0576 MEDIUM POC This Month

SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-0575 MEDIUM POC This Month

SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-3653 HIGH This Week

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. [CVSS 7.3 HIGH]

Authentication Bypass Petlibro
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-3646 HIGH This Week

Petlibro versions up to 1.7.31 is affected by missing authentication for critical function (CVSS 7.3).

Authentication Bypass Petlibro
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-15115 MEDIUM This Month

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. [CVSS 6.5 MEDIUM]

AWS Authentication Bypass Petlibro
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-3660 MEDIUM This Month

Petlibro versions up to 1.7.31 contains a vulnerability that allows attackers to access other users' pet data by exploiting missing ownership verification (CVSS 6.5).

Authentication Bypass Petlibro
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0577 LOW POC Monitor

Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).

PHP Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-0574 LOW POC Monitor

Improper authorization in the saveUserRole request handler of yeqifu Warehouse allows authenticated remote attackers to gain unauthorized access to user role functionality and modify permissions. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Java-based Warehouse deployments using the affected commit and earlier versions.

Java Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15443 LOW POC Monitor

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. [CVSS 4.7 MEDIUM]

SQLi Crmeb
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15442 LOW POC Monitor

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. [CVSS 4.7 MEDIUM]

SQLi Crmeb
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-3654 MEDIUM This Month

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. [CVSS 5.3 MEDIUM]

Information Disclosure Petlibro
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3652 MEDIUM This Month

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. [CVSS 5.3 MEDIUM]

Information Disclosure Petlibro
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-14830 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10. [CVSS 4.9 MEDIUM]

XSS
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-15446 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy