37 matches found
EUVD-2026-14936
Craft CMS: Low-privilege users could read private asset contents when editing an asset IDOR...
CVE-2025-69236
Raytha CMS is vulnerable to Stored XSS via FieldValues1.Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version...
CVE-2026-24351
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
Apple macOS security vulnerability
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.3 contained a security vulnerability. This vulnerability stemmed from improper editing of log data, which could allow malicious applications to access...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Product Editing vulnerability
Reflected XSS in Product Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
CVE-2018-19620
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
CVE-2020-10410
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-user.php by adding a question mark (?) followed by the payload...
PT-2025-52836
Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.4. Description: The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...
EUVD-2025-198002
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. The vendor was notified early about this...
PT-2025-47308
Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS affected versions not specified. Description: Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery (CSRF) attacks in the user editing functionality. The existing CSRF protection can be...
EUVD-2017-7399
Malware in sbrugna...
EUVD-2018-10457
Malware in sbrugna...
EUVD-2022-24793
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of journalEditArticleDisplayContext.getBackURL when editing articles. An attacker can execute arbitrary JavaScript code in the context of...
PT-2025-31883 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3.9 Description: Cursor, a code editor built for programming with AI, allows writing in-workspace files without user approval in affected versions. Specifically, creating new dotfiles does not require approval, whil...
CVE-2024-22714
Stupid Simple CMS =1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content...
CVE-2023-26839
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site...
CVE-2023-34464
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
CVE-2025-30148
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...