20 matches found
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
FormaLMS 4.1.18 and earlier is affected by a user-enumeration flaw in the password-recovery endpoint (/lostpwd). The app returns different error messages for valid versus invalid usernames, enabling unauthenticated attackers to determine registered usernames via observable responses. The descript...
xbtitFM SQL Injection Vulnerability
xbtitFM is BitTorrent tracker software maintained by an individual developer. An SQL injection vulnerability exists in xbtitFM version 4.1.18; it stems from unsanitized use of the msgid parameter and could lead to the extraction of database credentials...
PT-2025-50763
Name of the Vulnerable Software and Affected Versions: xbtitFM version 4.1.18. Description: xbtitFM 4.1.18 contains a path traversal issue that allows unauthenticated attackers to access sensitive system files. Attackers can manipulate URL parameters using directory traversal techniques, such as...
PT-2025-50764
Name of the Vulnerable Software and Affected Versions: xbtitFM version 4.1.18. Description: The software contains an insecure file upload issue. Authenticated attackers with administrative privileges can upload and execute arbitrary PHP code through the file hosting feature. File type restrictions c...
EUVD-2024-28425
Malicious code in bioql PyPI...
CVE-2024-30505
Missing Authorization vulnerability in andymoyle Church Admin (church-admin). This issue affects Church Admin: from n/a through 4.1.18...
Use of GET Request Method With Sensitive Query Strings
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the moddata module's edit and delete pages. An attacker can access the CSRF token by manipulating the URL parameters. Remediation: Upgrade...
Incorrect Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation: Upgrade...
RHSA-2019:2860 Red Hat Security Advisory: OpenShift Container Platform 4.1.18 security update
Bulletin has no description...
CVE-2024-8517
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...
BIT-MASTODON-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-30505
Missing Authorization vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.18...
Church Admin < 4.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text
Description: The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta-text' parameter in versions up to, and including, 4.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SUSE CVE-2006-3081
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function...
BigTree CMS Multiple CSRF Vulnerabilities
BigTree CMS is prone to multiple CSRF vulnerabilities...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03386)
Fastspot BigTree CMS is an open-source content management system (CMS) based on PHP and MySQL from the US company Fastspot. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS versions 4.1.18 and 4.2.16. A remote attacker can exploit this vulnerability to delete users with...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03388)
Fastspot BigTree CMS is an open-source content management system (CMS) based on PHP and MySQL from the US company Fastspot. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS version 4.1.18. A remote attacker can exploit this vulnerability to perform unauthorized operation...
Cross-site request forgery (CSRF)
CSRF exists in BigTree CMS 4.1.18 with the nav-social parameter to the admin/settings/update/ page. The Navigation Social can be changed...
MySQL Security Call Privilege Escalation Vulnerability
MySQL is an open-source database program. MySQL fails to correctly restore access privileges during some function procedures; a remote attacker can exploit this vulnerability to escalate privileges and carry out further attacks. No detailed vulnerability information is currently available. Affected versions: MySQL AB MySQL 5.1.17, MySQL AB MySQL 5.1.16, MySQL AB MySQL 5.1.15, MySQL AB MySQL 5.1.14, MySQL AB MySQL 5.1.13, MySQL AB MySQL 5.1.12, MySQL AB MySQL 5.1.11, MySQL AB MySQL 5.1.10, MySQL AB MySQL 5.1.9, MySQL AB MySQL 5.1...