PT-2025-45183

Name of the Vulnerable Software and Affected Versions Netigma versions 6.3.5 through 28102025 Description Netigma software contains a flaw related to improper neutralization of input during web page generation, potentially leading to Cross-site Scripting XSS. This issue arises from vulnerabilitie...

EUVD-2023-39197

Malicious code in bioql PyPI...

EUVD-2025-8326

Malicious code in bioql PyPI...

CVE-2025-9798

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from 6.3.3 before 6.3.5 V8...

PT-2025-39157

Name of the Vulnerable Software and Affected Versions Netigma versions 6.3.3 through 6.3.4 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Stored Cross-site Scripting XSS condition. This allows for the injection of malicious...

CVE-2025-58626 WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Stored XSS.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.3.5...

WordPress plugin RumbleTalk Live Group Chat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

Access Control Bypass

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Access Control Bypass through the server.fs.deny configuration, which is bypassed when using ?import query with inline and raw parameters. An attacker can read arbitrary...

WordPress plugin WP Travel Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Incorrect Authorization

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Authorization due to missing checks in transformMiddleware which ignore certain query parameters. An attacker can access unauthorized files by including a ?raw?? ...

CVE-2025-26932

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through = 6.3.5...

CVE-2025-26932

CVE-2025-26932 affects WPBot (WordPress WPBot ChatBot). The vulnerability is an authenticated Local File Inclusion (LFI) due to improper control of include/require statements. Affected versions are ChatBot up to 6.3.5. Patch status: Patched in the available update.

WordPress plugin ChatBot 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-31869 · Unknown · Hospital Management System

Name of the Vulnerable Software and Affected Versions: kishan0725's Hospital Management System version 6.3.5 Description: A Cross-Site Request Forgery CSRF issue exists, allowing an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an...

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...