568 matches found
PT-2025-15357 · Unknown · Mymagicpower Aias
Name of the Vulnerable Software and Affected Versions: mymagicpower AIAS 20250308 Description: A critical issue was found in mymagicpower AIAS, affecting an unknown function of the file 2 training platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The...
Apartment Visitor Management System Injection Vulnerability
Apartment Visitor Management System is an apartment visitor management system by individual developer Carlo Montero. An injection vulnerability exists in Apartment Visitor Management System version 1.0, which stems from an incorrect manipulation of the parameter visname/address that can lead to SQL...
PT-2025-14472 · WordPress · Gift Certificate Creator
Name of the Vulnerable Software and Affected Versions: The Gift Certificate Creator plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...
The vulnerability of the email notification sending function in Netgear WNR854T router software allows a hacker to execute arbitrary commands.
The vulnerability of the email notification sending function in Netgear WNR854T router firmware is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the emailaddress parameter. Exploiting this vulnerability allows ...
Exasol JDBC Driver Security Vulnerability
Exasol JDBC Driver is a driver from Exasol for connecting to Exasol databases. A security vulnerability exists in Exasol JDBC Driver version 24.2.0, which arises because an attacker can inject malicious parameters into the JDBC URL, triggering a JNDI injection that could lead to remote code...
XunRuiCMS Code Injection Vulnerability
XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.6.3 and earlier versions, which stems from the incorrect operation of the parameter Website Address that can lead to cross-site scripting...
CVE-2025-26320
t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping...
zz Code Issue Vulnerability
zz is an e-commerce platform for zj1983 individual developers. A code issue vulnerability exists in zz 2024-8 and prior versions, which stems from improper handling of the url parameter in the HTTP request handling component, leading to server-side request forgery...
FiberHome AN5506-01A Command Injection Vulnerability
FiberHome AN5506-01A is a high-performance, low-power FTTH GPON optical network unit from China FiberHome. A command injection vulnerability exists in the FiberHome AN5506-01A ONU GPON RP2511, which originates from the Destination Address parameter of the Diagnosis component containing an operati...
CVE-2025-1171
A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site scripting. The attack can...
Code-Projects Real Estate Property Management System Cross-Site Scripting Vulnerability
Code-Projects Real Estate Property Management System is a Code-Projects open source real estate property management system. A cross-site scripting vulnerability exists in Code-Projects Real Estate Property Management System version 1.0, which stems from the parameter Address in the file...
U.S. Dept Of Defense: IDOR Exposes PII of Tens of Thousands of Users and Supervisors
A vulnerability was discovered that exposed personally identifiable information (PII) of tens of thousands of users and supervisors. The vulnerability was found in a system that allowed users to submit a SAAR. By modifying a URL parameter, users could view other users' SAARs, which contained...
needyamin Cross-Site Scripting Vulnerability
needyamin is an open source library card borrowing system by needyamin. A cross-site scripting vulnerability exists in needyamin version 1.0, which stems from a cross-site scripting attack due to incorrect manipulation of the firstname/lastname/email/borrow/useraddress parameters...
WordPress ElementsKit Pro plugin <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions <= 3.7.8...
PT-2025-2196 · WordPress · Ws Form Lite
Name of the Vulnerable Software and Affected Versions: WS Form LITE – Drag & Drop Contact Form Builder for WordPress versions prior to 1.10.14 Description: The issue concerns Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...
PT-2025-3827 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.7.8 Description: The issue is related to DOM-Based Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-56998
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address...
PT-2025-3375 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: The issue concerns a Cross Site Scripting (XSS) vulnerability in the /edit-profile.php file, specifically via the address parameter. This allows an attacker to inject malicious...