CVE-2018-25382

Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...

WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eventicity versions = 1.5...

CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

EUVD-2018-21861

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that enables unauthenticated attackers to extract database information via time-based blind techniques. Exploitation can be performed to confirm vulnerability and retrieve data, indicating potential impact to confidentiality. Th...

EUVD-2018-21858

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

CVE-2018-25338

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

PT-2026-41565

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

Bylancer Zechat 跨站请求伪造漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat contains a cross-site request forgeing vulnerability. This vulnerability allows attackers to bypass anti-CSRF...

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from SQL injections in the hashtag parameter,...

GHSA-J9RH-P96M-MHHP jOpenDocument has an improper restriction of XML external entity reference vulnerability

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

CVE-2026-6501

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5...

ILM Informatique jOpenDocument 代码问题漏洞

ILM Informatique jOpenDocument is a document processing library developed by the French company ILM Informatique. Version 1.5 of ILM Informatique jOpenDocument contains a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability may lead to an...

PT-2026-36826

Name of the Vulnerable Software and Affected Versions jOpenDocument version 1.5 Description Improper restriction of XML external entity reference in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This occurs when the application fails to properly restrict XML...

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.5 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability stems from an improper handling of structured data in the “Save Path for Snapshot and Record”...

CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...

Schneider Electric PowerChute Serial Shutdown < 1.5 Multiple Vulnerabilities (SEVD-2026-104-01)

The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.5. It is, therefore, affected by multiple vulnerabilities, including: - An improper limitation of a pathname to a restricted directory vulnerability exists that could cause critical files to be...