9 matches found
CVE-2026-22438
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through = 1.0.5...
CVE-2026-22365
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through = 1.0.5...
EUVD-2025-202043
Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through = 1.0.5...
CVE-2025-8975
CVE-2025-8975 affects givanz Vvveb up to 1.0.5, where the slug parameter is mishandled in the file admin/template/content/edit.tpl, enabling cross-site scripting. The issue can be exploited remotely and the exploit has been disclosed publicly. A fix is available in version 1.0.6; patch hash: 84c1...
PT-2024-35067 · Unknown · Ekiline Block Collection
Name of the Vulnerable Software and Affected Versions: Ekiline Block Collection versions 1.0.0 through 1.0.5 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS attacks...
CVE-2024-43341
Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5...
CVE-2024-43958
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5...
PT-2023-27751 · Unknown · Juplink Rx4-1500
Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 versions V1.0.2 through V1.0.5 Description: The issue allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint "homemng.htm". This enables attackers to inject command...
tcmu-runner null pointer backreference vulnerability
tcmu-runner is a daemon for handling user space for LIO TCM user backend storage. A security vulnerability exists in the 'onunregisterhandler' function in tcmu-runner versions 1.0.5 through 1.2.0. An attacker can exploit the vulnerability to cause a denial of service null pointer backreference...