CVE-2026-8083

Daily digests

An attacker can remotely inject SQL through the user-save endpoint in SourceCodester Pharmacy Sales and Inventory System 1.0. No authentication appears to be required, and a public exploit already exists. If you're running this app, anyone on the network can read or modify your database.

• Daily Digest · May 8, 2026

  Linux ksmbd RCE (9.8) + Azure Cloud Shell injection