Conecteo Kiamo 安全漏洞

Conecteo Kiamo is a multi-channel customer interaction and contact center management platform developed by the French company Conecteo. Versions of Conecteo Kiamo prior to version 8.4 contained security vulnerabilities. These vulnerabilities were due to improper permission verification, which cou...

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

PT-2026-31573

Name of the Vulnerable Software and Affected Versions code-projects Online Shoe Store version 1.0 Description A cross-site scripting issue exists due to manipulation of the product name argument in an unknown function within the /admin/admin running.php file. This allows for remote attacks...

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter postid in the...

CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-5810

Summary (CVE-2026-5810): A flaw in SourceCodester Sales and Inventory System 1.0 affects an unknown function in /delete.php that handles the GET parameter ID. Manipulating this argument leads to cross-site scripting (XSS). Remote exploitation is possible, and the exploit has been published. CVSS ...

CVE-2026-5806 code-projects Easy Blog Site update.php cross site scripting

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

EUVD-2026-20472

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Micdrop versions = 1.3.1...

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme SingleMalt versions = 1.5...

WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Mildhill versions = 1.5...

WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Santé versions = 1.5.1...

WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valiance versions = 1.2...

WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Playroom versions = 1.4.1...

WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Fidalgo versions = 1.2.2...

WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Töbel versions = 1.8.1...

WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Aperitif versions = 1.6...

EUVD-2026-20365

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

EUVD-2026-20202

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...