CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
Appsmith Access Control Error Vulnerability
Appsmith is an open-source platform from Appsmith for building, deploying, and maintaining internal applications. Versions prior to Appsmith 1.98 contain an access control vulnerability. This vulnerability stemmed from unvalidated instance management API endpoint...
CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...
phpMyChat Plus SQL Injection Vulnerability
phpMyChat Plus is a chat room system developed by Ciprianmp. Version 1.98 of phpMyChat Plus contains an SQL injection vulnerability. This vulnerability stems from the pmcusername parameter in the deluser.php page, which may lead to the exposure of sensitive database information...
PT-2026-6559
Name of the Vulnerable Software and Affected Versions: phpMyChat Plus version 1.98. Description: The software contains a SQL injection issue in the 'deluser.php' page. This allows manipulation of database queries through the pmc username parameter. Attackers can use boolean-based, error-based, and...
PT-2026-2293
Name of the Vulnerable Software and Affected Versions: TinyWeb versions prior to 1.98. Description: TinyWeb is a web server for Win32. Versions of TinyWeb HTTP Server before 1.98 contain a flaw that allows for operating system command injection. This occurs through CGI ISINDEX-style query parameters...
TinyWeb Server Operating System Command Injection Vulnerability
TinyWeb Server is a web server by Maxim Masiutin, an individual developer. An operating system command injection vulnerability exists in versions of TinyWeb Server prior to 1.98, which stems from passing commands via CGI ISINDEX style query parameters, which could lead to an OS command injection...
KLA90917 PE vulnerability in Microsoft Visual Studio Code
An elevation of privilege vulnerability was found in Microsoft Visual Studio Code. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-26631 Exploitation Related products Microsoft-Visual-Studio Visual-Studio-Code Microsoft-Visual-Studio-Code CVE list...
WordPress Share This Image plugin <= 1.98 - Open Redirection vulnerability
Open Redirection vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Share This Image versions <= 1.98...
Delta Electronics TPEditor Buffer Error Vulnerability
Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics TPEditor v1.98 and prior that could allow an attacker to execute code with the privileges of the application...
Delta Electronics TPEditor Buffer Error Vulnerability
TPEditor is programming software for Delta Text Panels running on Windows. An out-of-bounds write vulnerability exists in TPEditor 1.98 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted project files...
CVE-2020-9265
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmcusername...
CVE-2020-9265
CVE-2020-9265 affects phpMyChat-Plus 1.98, where the deluser.php Delete User functionality is vulnerable to multiple SQL injections due to insufficient input validation in the database queries. The vulnerability is demonstrated by pmc_username, with CVSSv3.1/2.0 scores indicating HIGH to CRITICAL...
phpMyChat Plus 1.98 SQL Injection
Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection. Date: 2020-02-13. Exploit Author: J3rryBl4nks. Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version: MyChat Plus 1.98. Tested on: Windows 10/Kali Rolling. The phpMyCh...
phpMyChat Plus 1.98 - (pmc_username) SQL Injection Vulnerability
Exploit for php platform in category web applications. Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection. Exploit Author: J3rryBl4nks. Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version: MyChat Plus 1.98. Tested o...
phpMyChat-Plus Cross-Site Scripting Vulnerability
phpMyChat-Plus is a chat room system based on PHP and MySQL. A cross-site scripting vulnerability exists in phpMyChat-Plus version 1.98. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
CVE-2019-19908
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmcusername parameter to passreset.php is vulnerable. Recent assessments: cinzinga at March 09, 2020 9:23pm UTC reported: I am the founder of this exploit. Google dorking...
Espruino Null Pointer Dereference Vulnerability
Espruino is a JavaScript interpreter for use in microcontrollers. A security vulnerability exists in Espruino versions prior to 1.98. An attacker could cause a denial of service (null pointer dereference and application crash) by exploiting this vulnerability with the help of specially crafted...
Null pointer dereference
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...
CVE-2018-11592
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrapgraphics.c...