Lucene search
K

409 matches found

Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.10 views

PT-2025-49563

Name of the Vulnerable Software and Affected Versions code-projects Online Ordering System version 1.0 Description A security issue exists in code-projects Online Ordering System 1.0. The vulnerability involves the manipulation of the Username argument, leading to SQL injection. This affects an...

9.8CVSS7.5AI score0.00339EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.5 views

CVE-2025-13622

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.6AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.5 views

CVE-2025-13623

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.6AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2025/12/05 6:16 a.m.6 views

CVE-2025-13622

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00219EPSS
Exploits0References4
NVD
NVD
added 2025/12/05 6:16 a.m.5 views

CVE-2025-13623

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.4 views

CVE-2025-13623 Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:31 a.m.5 views

EUVD-2025-201373

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.2AI score0.00219EPSS
Exploits0References5
CVE
CVE
added 2025/12/05 5:31 a.m.21 views

CVE-2025-13623

CVE-2025-13623 – Twitscription (WordPress) is a Reflected Cross-Site Scripting vulnerability in the Twitscription WordPress plugin. According to the details, it affects all versions up to and including 0.1.1 and arises from insufficient input sanitization and output escaping in the admin.php PATH...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
CVE
CVE
added 2025/12/05 5:31 a.m.17 views

CVE-2025-13622

CVE-2025-13622 — Jabbernotification (WordPress) Reflected XSS : The WordPress Jabbernotification plugin is vulnerable to a reflected Cross-Site Scripting attack via admin.php PATH_INFO in versions

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/05 5:31 a.m.3 views

EUVD-2025-201374

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.2AI score0.00219EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.37 views

CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/05 5:31 a.m.6 views

CVE-2025-13622 Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO

The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATHINFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.6 views

PT-2025-49029

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A cross site scripting issue exists in dayrui XunRuiCMS. The issue is located in the Domain Name Binding Page, specifically within the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile. The...

6.1CVSS3.3AI score0.00234EPSS
Exploits1References9
EUVD
EUVD
added 2025/12/02 1:21 a.m.5 views

EUVD-2025-36426

Keycloak unable to restrict access to the admin console...

3.7CVSS6AI score0.00386EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/23 6:30 p.m.7 views

EUVD-2025-198580

A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed a...

7.5CVSS6.6AI score0.00346EPSS
Exploits1References6
CNVD
CNVD
added 2025/11/20 12:0 a.m.5 views

Responsive Hotel Site usersetting.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.5 views

CampCodes Retro Basketball Shoes Online Store 代码问题漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A code issue vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

7.2CVSS5.2AI score0.00303EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/19 12:0 a.m.10 views

CVE-2025-63719

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username...

0.00181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/17 1:14 p.m.6 views

CVE-2025-13181

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclos...

5.1CVSS3.4AI score0.00256EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/07 2:2 p.m.5 views

CVE-2025-12857 code-projects Responsive Hotel Site roombook.php sql injection

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

5.8CVSS6.7AI score0.00373EPSS
Exploits1References5
Rows per page
Query Builder