3682 matches found
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2026-2622
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...
CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...
CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...
CVE-2026-2622
Blossom Backend ≤ 1.17.1 contains a cross‑site scripting vulnerability in the Article Title Handler. The issue affects the ArticleController.java component (content manipulation in that file), allowing a remote attacker to trigger XSS. The exploit is public and can be used; vendor has not respond...
CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
PT-2026-20264
Name of the Vulnerable Software and Affected Versions jizhicms version 2.5.6 Description The software contains a SQL Injection issue in the 'Article/deleteAll' and 'Extmolds/deleteAll' functionalities. The issue is triggered through the data parameter. Recommendations Update to a newer version th...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
PT-2026-20340
Name of the Vulnerable Software and Affected Versions Blossom versions up to 1.17.1 Description A flaw exists in Blossom that allows for cross site scripting. The issue is located within the Article Title Handler component, specifically in the ArticleController.java file and its content function...
JIZHICMS(极致CMS) 安全漏洞
JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.6 of JIZHICMS contains a security vulnerability. This vulnerability arises from the lack of validation for the data parameters in functions like Article/deleteAll and Extmolds/deleteAll, whic...
Blossom 代码注入漏洞
Blossom is a project management platform developed by Blossom Inc. Versions of Blossom 1.17.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the content function in the file...
CVE-2025-70397
CVE-2025-70397 affects jizhicms 2.5.6. The vulnerability is a SQL Injection in two endpoints, Article/deleteAll and Extmolds/deleteAll, exploitable via the data parameter. Connected sources confirm the affected software and endpoints and mention a fix/update path in vendor advisories; no exploit ...
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
WordPress plugin WP Last Modified Info 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-24416
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2026-24416
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
SQL Injection
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idarticolo parameter in the article pricing module's completion handler. An attacker can extract sensitive databa...
OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...