566 matches found

ATTACKERKB
added 2026/01/27 12:0 a.m., 3 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

AI score 5.9, EPSS 0.00402
Exploits: 1, References: 3
Vulnrichment
added 2026/01/26 7:36 p.m., 4 views

CVE-2025-11687 Gi-docgen: reflected dom xss in gi-docgen

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

CVSS 6.1, AI score 6, EPSS 0.00337
Exploits: 0, References: 3
NVD
added 2026/01/23 5:16 p.m., 7 views

CVE-2021-47897

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...

CVSS 7.2, EPSS 0.00225
Exploits: 0, References: 3
Cvelist
added 2026/01/23 4:47 p.m., 28 views

CVE-2021-47897 PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...

CVSS 7.2, EPSS 0.00225
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/23 4:47 p.m., 3 views

CVE-2021-47897

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...

CVSS 7.2, AI score 5.9, EPSS 0.00225
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/23 4:47 p.m., 4 views

CVE-2021-47897 PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...

CVSS 7.2, AI score 5.1, EPSS 0.00225
Exploits: 0, References: 3
Positive Technologies
added 2026/01/23 12:0 a.m., 3 views

PT-2026-4513

Name of the Vulnerable Software and Affected Versions: PEEL Shopping version 9.3.0. Description: The software contains a stored cross-site scripting issue in the address parameter of the "change params.php" script. Attackers can inject malicious JavaScript payloads that execute when users interact...

CVSS 7.2, AI score 5, EPSS 0.00225
Exploits: 0, References: 5
Cvelist
added 2026/01/21 5:27 p.m., 18 views

CVE-2021-47858 Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they...

CVSS 7.2, EPSS 0.00238
Exploits: 0, References: 3
EUVD
added 2026/01/21 5:27 p.m., 3 views

EUVD-2026-3641

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they...

CVSS 7.2, AI score 5, EPSS 0.00238
Exploits: 0, References: 5
EUVD
added 2026/01/15 1:5 p.m., 3 views

EUVD-2026-2813

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...

CVSS 4.3, AI score 6.7, EPSS 0.00347
Exploits: 0, References: 7
ATTACKERKB
added 2026/01/15 1:5 p.m., 2 views

CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...

CVSS 6.1, AI score 5.7, EPSS 0.00347
Exploits: 0, References: 7
CNVD
added 2026/01/14 12:0 a.m., 3 views

D-Link DWR-M920 sub_42261C Function Stack Buffer Overflow Vulnerability

The D-Link DWR-M920 is a 4G LTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a stack buffer overflow vulnerability that stems from incorrect manipulation of the parameter ip6addr in the function sub_42261C in the file /boafrm/formFilter, for which no detailed...

CVSS 9, AI score 6, EPSS 0.00693
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 8:58 a.m., 10 views

CVE-2023-45325

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8, AI score 8.3, EPSS 0.007
Exploits: 1, References: 1
Positive Technologies
added 2026/01/06 12:0 a.m., 2 views

PT-2026-1440

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

CVSS 7.5, AI score 7, EPSS 0.00443
Exploits: 1, References: 8
OSV
added 2026/01/05 3:15 p.m., 6 views

CVE-2026-0597

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...

CVSS 9.8, AI score 5.7, EPSS 0.00277
Exploits: 1, References: 5
NVD
added 2026/01/05 3:15 p.m., 8 views

CVE-2026-0597

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...

CVSS 9.8, EPSS 0.00277
Exploits: 1, References: 5
GithubExploit
added 2025/12/31 3:28 p.m., 150 views

lfi_tester.py

chmod +x lfitest...

AI score 7
Exploits: 0
Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53299

Name of the Vulnerable Software and Affected Versions: Blitz Panel version 1.17.0. Description: An open redirect issue exists in the login functionality of Blitz Panel. The issue is located in the /login endpoint and involves the next url parameter. Successful exploitation could allow an attacker to...

CVSS 6.5, AI score 6.5, EPSS 0.00161
Exploits: 0, References: 6
CNNVD
added 2025/12/24 12:0 a.m., 5 views

Teradek VidiU Pro Security Vulnerability

Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...

CVSS 6.9, AI score 6.7, EPSS 0.00301
Exploits: 2, References: 3
CVE
added 2025/12/23 10:32 p.m., 15 views

CVE-2025-15048

CVE-2025-15048 affects Tenda WH450 (v1.0.0.18). The vulnerability is in the HTTP Request Handler’s /goform/CheckTools, where tampering with the ipaddress argument enables remote command injection. Exploitation has been publicly disclosed and PoC/materials exist in multiple references; impact is d...

CVSS 9.8, AI score 7.2, EPSS 0.11343
Exploits: 1, References: 6, Affected Software: 1