341 matches found
EUVD-2026-26305
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...
CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...
CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...
CVE-2026-7468
The CVE covers 1024-lab smart-admin up to version 3.30.0, affecting an unknown function in /smart-admin-api/druid/index.html of the Demo Site. The issue enables improper access controls via a remote attack, with a publicly disclosed exploit and a PROOF-OF-CONCEPT status in the metrics. Affected p...
smart-admin security vulnerability
Smart-Admin is a rapid development platform developed by individual developers of 1024-lab. Versions of Smart-Admin prior to 3.30.0 contain security vulnerabilities. These vulnerabilities stem from an unknown feature of the Demo Site component in the /smart-admin-api/druid/index.html file, which...
PT-2026-36032
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...
EUVD-2025-31314
Malicious code in bioql PyPI...
CVE-2025-58914
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer (di-themes-demo-site-importer) allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2...
CVE-2025-58914
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer (di-themes-demo-site-importer) allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2...
CVE-2025-58914 WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer allows Cross Site Request Forgery. This issue affects Di Themes Demo Site Importer: from n/a through 1.2...
CVE-2025-58914
CVE-2025-58914 describes a CSRF vulnerability in the WordPress plugin Di Themes Demo Site Importer, affecting versions up to 1.2 (the range includes from n/a to 1.2). The connected documents confirm the vulnerability type (CSRF) and the affected software, but do not provide concrete remediation ...
WordPress plugin Di Themes Demo Site Importer cross-site request forgery vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site request forgery...
PT-2025-39531
Name of the Vulnerable Software and Affected Versions: Di Themes Demo Site Importer versions through 1.2. Description: A Cross-Site Request Forgery issue exists in Di Themes Demo Site Importer. This allows attackers to perform actions on behalf of authenticated users. Recommendations: Update to a...
WordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability
Cross Site Request Forgery (CSRF) to Plugin Activation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Di Themes Demo Site Importer versions <= 1.2...
CVE-2024-26484
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
Webpay E-Commerce 1.0 Directory Traversal
Title: Webpay E-Commerce v1.0 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...
Agop CMS 1.0 Insecure Direct Object Reference
Title: Agop CMS v1.0 IDOR Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | Vendor :...
Moodle 4.3 - Reflected XSS Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS | Exploit Author: tmrswrr | Vendor Homepage: https://moodle.org/ | Software Demo: https://school.moodledemo.net/ | Version: 4.3 | Tested on: Linux | Vulnerability Details | Steps: 1. Log in to the application with the given credentials USER: teach...
CVE-2024-26484
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...