FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

EUVD-2018-8202

Malware in sbrugna...

EUVD-2021-19282

Malware in sbrugna...

EUVD-2018-20707

Malware in sbrugna...

EUVD-2018-12584

Malware in sbrugna...

EUVD-2018-6822

Malware in sbrugna...

EUVD-2013-1836

Malware in sbrugna...

EUVD-2017-11165

Malware in sbrugna...

EUVD-2024-21555

Malicious code in bioql PyPI...

EUVD-2021-30593

Malicious code in bioql PyPI...

EUVD-2023-58880

Malicious code in bioql PyPI...

PT-2025-37390

Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0 Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file /api.php. Manipulation of the setrfidlist argume...

CVE-2024-41371

Organizr v1.90 is vulnerable to Cross Site Scripting XSS via api.php...

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

CVE-2017-20168

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommende...

CVE-2025-3968 codeprojects News Publishing Site Dashboard api.php sql injection

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument catid leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-3968 codeprojects News Publishing Site Dashboard api.php sql injection

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument catid leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-3554 phpshe api.php cross site scripting

A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...